Connection OpenVPN with IPSec

Discussion in 'Linux Networking' started by eugen55ro, Jan 15, 2012.

  1. eugen55ro

    eugen55ro New Member

    Hi,

    I have a problem and I have not found the solution ... does anyone have any idea ...

    The situation is like this:

    I have two servers connected with Openswan (IPSec tunnel);

    From the PC behind the first server I can connect to PCs behind the second server.

    On the first server I have a tun0 interface (OpenVPN) that I connect on the first server outside the network.

    The problem is:

    How do I connect from outside through OpenVPN (tun0) to the PCs behind the second server (connected via IPsec to the first)?

    Interfaces (first server):

    eth0 (WAN) IP: 111.111.111.111 (example)

    eth1 (LAN) IP: 192.168.10.1


    ipsec0 (IPsec) IP: 111.111.111.111 (same WAN)

    tun0 (OpenVPN) IP: 10.8.0.1

    LAN class second server: 192.168.20.0/24

    I attached a scheme to understand better...

    Thanks in advance for your help.

    schema.JPG
  2. robthewolf

    robthewolf New Member

    Post your ipsec.conf files from both ends of the VPN. I will take a look.
  3. eugen55ro

    eugen55ro New Member

    Solved.
    Thanks.
  4. Stefano Messicano

    Stefano Messicano New Member

    One key advantage of OpenVPN over IPsec is that some firewalls don't let IPsec traffic through but do let OpenVPN's UDP packets or TCP streams travel without hindrance. For IPsec to function your firewall either needs to be aware of (or needs to ignore and route without knowing what it is) packets of the IP protocol types ESP and AH as well as the more ubiquitous trio (TCP, UDP and ICMP). Of course you might find some corporate environments the other way around: allowing IPsec through but not OpenVPN, unless you do something crazy like tunneling it via HTTP, so it depends on your intended environments.
  5. Famous

    Famous New Member

    IPSec is a set of protocols which operate on the network layer of the OSI model - it protects the data sent between two endpoints by encrypting the IP traffic. Generally, IPSec requires dedicated hardware and/or software ("client" software) and specific knowledge to configure it properly and therefore is quite expensive to implement.
  6. chemic

    chemic New Member

    In Debian, to make an IPsec tunnel I use the Racoon and ipsec-tools packages.
  7. sandeep3300

    sandeep3300 New Member

    How did you resolve that? I am also facing the same issue.

    Thanks
  8. sandeep3300

    sandeep3300 New Member

    Hi Eugen55ro, how did you resolve this? I am also facing the same issue, please explain it to me.
