Can OpenSWAN replace OpenVPN?
IPsec works differently than OpenVPN; I think you will not be able to do exactly the same with SWAN as you do with OpenVPN. There are OpenVPN clients for phones, but yes, many of them only include IPsec clients.
What you probably want to do is to set up a tunnel with OpenSWAN and then use that tunneled connection to start a PPP connection/L2TP over it. That will be the part responsible for providing the 'client IP' to the road warriors. This is an article with some examples. The OpenSWAN site also has some quick info on it.
Remember also that IPsec in general is horrible at dealing with NATs, and that may increase the complexity of the setup.
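As an added illustration of the IPsec-transport-plus-L2TP/PPP layout described in the answer (this is not code from the answer, from the question, or from the Openswan project), here is the shape of an Openswan + xl2tpd + pppd road-warrior configuration in which PPP hands each phone a private address from a pool, the counterpart of the OpenVPN `server` directive. The address pool 192.168.241.0/24, the DNS server 10.10.64.1, the placeholder `SERVER_PUBLIC_IP`, the pre-shared key and the user `alice` are assumptions; only the 10.10.64.0/22 home LAN is taken from the OpenVPN config in the question.

```ini
# /etc/ipsec.conf  (Openswan 2.6.x syntax; addresses below are assumed, not from the page)
config setup
    protostack=netkey
    # NAT traversal: phones are almost always behind carrier or home NAT
    nat_traversal=yes
    # Private ranges a NATed client may sit behind; the home LAN 10.10.64.0/22 is
    # excluded so a client cannot claim an inner address that collides with it
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.10.64.0/22
    oe=off

# IPsec only protects the L2TP packets (transport mode, UDP/1701).
# No tunnel interface and no client address come from this layer.
conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    ikelifetime=8h
    keylife=1h
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    auto=add

# Same connection for clients behind NAT (needs nat_traversal=yes above)
conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

# /etc/ipsec.secrets
# One PSK shared by every phone; per-user credentials live in PPP (chap-secrets) below.
# SERVER_PUBLIC_IP is a placeholder for the server's own address.
SERVER_PUBLIC_IP %any : PSK "replace-with-a-long-random-secret"

# /etc/xl2tpd/xl2tpd.conf
[global]
ipsec saref = no

[lns default]
; pool handed to road warriors (assumed range) and the server side of each PPP link
ip range = 192.168.241.10-192.168.241.254
local ip = 192.168.241.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

# /etc/ppp/options.xl2tpd
ipcp-accept-local
ipcp-accept-remote
# assumed DNS server; same role as OpenVPN's push "dhcp-option DNS"
ms-dns 10.10.64.1
# only MS-CHAPv2 (what phone clients use); refuse the weaker methods
require-mschap-v2
refuse-pap
refuse-chap
refuse-mschap
noccp
auth
mtu 1410
mru 1410
nodefaultroute
proxyarp
lock
connect-delay 5000

# /etc/ppp/chap-secrets   (client  server  secret  IP; "*" = take an address from the pool)
alice   l2tpd   "alice-password"   *
```

Two checks worth doing before exposing this: open UDP 500, UDP 4500 and ESP on the firewall, and accept UDP/1701 only from packets that arrived inside an IPsec SA (for example `iptables -A INPUT -p udp --dport 1701 -m policy --dir in --pol ipsec -j ACCEPT` followed by a rule dropping the rest), otherwise a client can talk plain, unencrypted L2TP straight to xl2tpd. There is no equivalent of OpenVPN's `push "route ..."` here; phone L2TP clients normally send all traffic through the tunnel, so the server needs IP forwarding and a route or NAT for the pool.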
Sandra
Updated on September 18, 2022

Comments

-
Sandra, over 1 year ago:
Background
I have a working OpenVPN setup right now, where users can connect to the private network at home with their computers.
However most phones only support IPSec, so I would like to offer the same service for phones with IPSec as I do for computers with OpenVPN.
Problem
I can't find any tutorials that describe how to configure OpenSWAN to offer a private IP to the client.
With my OpenVPN, clients have to provide a key and passphrase to get access.
Question
Can OpenSWAN be configured to give a private IP to the clients, similar to my OpenVPN setup?
OpenVPN config
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/secrets/server.crt
key /etc/openvpn/secrets/server.key
dh /etc/openvpn/secrets/dh1024.pem
server 192.168.240.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.64.0 255.255.252.0"
push "dhcp-option DNS xxx.xxx.xxx.xxx"
duplicate-cn
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 4
mute 20
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
script-security 2
auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env
learn-address /etc/openvpn/scripts/log_clients_ip.sh
-
Sandra, almost 12 years ago: So OpenSWAN is not intended to offer many clients access to a private network, but rather only host-to-host?
-
coredump, almost 12 years ago: No, the thing is that OpenSWAN only creates a transport; it doesn't deal with interfaces and stuff like this. You can create many PPP connections and all will be using the underlying IPsec created by OpenSWAN.