Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd please sign up again. Thanks!

Connection OpenVPN with IPSec

Discussion in 'Linux Networking' started by eugen55ro, Jan 15, 2012.

  1. eugen55ro

    eugen55ro Guest

    Hi,

    I have a problem and I have not found the solution ... can anyone has any idea ...

    The situation is like this:

    I have two servers connected with Openswan (IPSec tunnel);

    From the PC behind the first server I can connect to PCs behind the second server.

    On the first server I have a tun0 interface (OpenVPN) that I connect on the first server outside the network.

    The problem is:

    How do I connect from outside through OpenVPN (tun0) PCs behind the second server (connected via IPsec to first)?

    Interfaces (first server):

    eth0 (WAN) IP: 111.111.111.111 (example)

    eth1 (LAN) IP: 192.168.10.1

    ipsec0 (IPsec) IP: 111.111.111.111 ( same WAN)

    tun0 (OpenVPN) IP: 10.8.0.1



    LAN class second server: 192.168.20.0/24

    I attached a scheme to understand better...

    Thanks in advance for your help.

    View attachment 103
     

    Attached Files:

  2. robthewolf

    robthewolf Guest

    post your ipsec.conf files from both ends of the vpn. I will take a look
     
  3. eugen55ro

    eugen55ro Guest

    Solved.
    Thanks.
     
  4. One key advantage of OpenVPN over IPsec is that some firewalls don't let ipsec traffic through but do let OpenVPN's UDP packets or TCP streams travel without hindrance.For ipsec to function your firefall either needs to be aware of (or needs to ignore and route without knowing what it is) packets of the IP protocol types ESP and AH as well as the more ubiquitous trio (TCP, UDP and ICMP).Of course you might find some corporate environments the other way around: allowing ipsec through but not OpenVPN, unless you do something crazy like tunneling it via HTTP, so it depends on your intended environments.
     
  5. Famous

    Famous Guest

    The IPSec is a set of protocols which operate on a network layer of the OSI Model - it protects the data sent between two endpoints by encrypting the IP traffic. Generally, the IPSec requires a dedicated hardware and/or software ("client" software) and specific knowledge to configure it properly and therefore is quite expensive to implement.
     
  6. chemic

    chemic Guest

    In Debian for make tunnel IPSEC I use package Racoon and ipsec-tool.
     
  7. sandeep3300

    sandeep3300 Guest

    How you resolve that, i also facing the same issue

    Thanks
     
  8. sandeep3300

    sandeep3300 Guest

    Hi Eugen55ro, How you resolve this, I am also facing the same issue, please explain me
     

Share This Page