Can OpenSWAN replace OpenVPN?


IPsec works differently from OpenVPN; I think you will not be able to do exactly the same with OpenSWAN as you do with OpenVPN. There are OpenVPN clients for phones, but yes, many of them only include IPsec clients.

What you probably want to do is to set up a tunnel with OpenSWAN and then use that tunneled connection to start a PPP connection/L2TP over it. That will be the part responsible for providing the 'client IP' to the road warriors. This is an article with some examples. The OpenSWAN site also has some quick info on it.

Remember also that IPsec in general is horrible at dealing with NATs, and that may increase the complexity of the setup.

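As an added illustration of the two-layer setup described in the answer above (an IPsec transport-mode policy from OpenSWAN, with L2TP and PPP on top handing each road warrior its address), here is a set of example configuration files written for this page; they are not taken from the answer, the linked article, or the OpenSWAN project. The server address 203.0.113.10, the 192.168.241.0/24 client pool (kept separate from the OpenVPN pool in the question), the DNS address 10.10.64.1, the pre-shared key and the user "alice" are all assumed placeholders; the 10.10.64.0/22 home LAN is the one from the question's OpenVPN config. The NAT-related settings (`nat_traversal`, `virtual_private`, `vhost:%priv`) are the part that addresses the NAT complaint in the answer.

```ini
# /etc/ipsec.conf (OpenSWAN). One transport-mode policy for UDP/1701 that
# every phone shares; it protects only the L2TP packets, nothing more.
# Server address 203.0.113.10 is assumed.
version 2.0

config setup
    # assumed: native Linux NETKEY stack rather than KLIPS
    protostack=netkey
    # NAT traversal: ESP is wrapped in UDP/4500 when a NAT is detected
    nat_traversal=yes
    # Clients behind NAT present RFC 1918 addresses. List the private ranges
    # they may come from, but exclude the home LAN so it is never treated as
    # a remote client network.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.10.64.0/22
    oe=off

conn l2tp-psk-nat
    # accept a peer whose real (inner) address is a private one behind NAT
    rightsubnet=vhost:%priv
    also=l2tp-psk

conn l2tp-psk
    # transport mode: IPsec only carries the L2TP stream, PPP does the rest
    type=transport
    # pre-shared key from /etc/ipsec.secrets
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    ikelifetime=8h
    keylife=1h
    left=203.0.113.10
    # only UDP/1701 (L2TP) on the server side is covered by the policy
    leftprotoport=17/1701
    # any road warrior; the source port may be rewritten by a NAT
    right=%any
    rightprotoport=17/%any
    auto=add

# /etc/ipsec.secrets: group PSK shared by all clients (assumed value)
203.0.113.10 %any: PSK "change-this-long-random-psk"

; /etc/xl2tpd/xl2tpd.conf: the L2TP server that spawns one pppd per client
[global]
listen-addr = 203.0.113.10
port = 1701

[lns default]
; pool handed to road warriors (assumed, distinct from the OpenVPN pool)
ip range = 192.168.241.10-192.168.241.100
local ip = 192.168.241.1
require chap = yes
refuse pap = yes
require authentication = yes
name = l2tpd
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes

# /etc/ppp/options.xl2tpd: pppd options for the L2TP sessions
ipcp-accept-local
ipcp-accept-remote
# assumed: resolver on the home LAN
ms-dns 10.10.64.1
noccp
auth
mtu 1410
mru 1410
nodefaultroute
lock
proxyarp
connect-delay 5000

# /etc/ppp/chap-secrets: per-user PPP credentials (constructed example user)
# client    server   secret          IP addresses
alice       l2tpd    "s3cret-pass"   *
```

Two things are worth checking once this is in place. First, the firewall has to admit UDP/500, UDP/4500 and ESP (protocol 50) to the server, while UDP/1701 should only be accepted for packets that arrived through the IPsec policy (iptables' `-m policy --dir in --pol ipsec` match expresses exactly that); an L2TP port reachable in the clear lets anyone skip the IPsec layer and go straight to PPP authentication. Second, the trust model differs from the certificate-based OpenVPN setup in the question: the PSK is a group secret known to every phone, so per-user identity comes only from the CHAP exchange in pppd, and there is no equivalent of OpenVPN's `push "route ..."`; each client has to be told which networks (here 10.10.64.0/22) to send through the tunnel, or it will route everything through it.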


Author: Sandra
Updated on September 18, 2022

Comments

  • Sandra
    Sandra over 1 year

    Background

    I have a working OpenVPN setup right now, where users can connect to the private network at home with their computers.

    However most phones only support IPSec, so I would like to offer the same service for phones with IPSec as I do for computers with OpenVPN.

    Problem

    I can't find any tutorials that describe how to configure OpenSWAN to offer a private IP to the client.

    With my OpenVPN, clients have to provide a key and passphrase to get access.

    Question

    Can OpenSWAN be configured to give a private IP to the clients, similar to my OpenVPN setup?

    OpenVPN config

    port 1194
    proto udp
    dev tun
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/secrets/server.crt
    key /etc/openvpn/secrets/server.key
    dh /etc/openvpn/secrets/dh1024.pem
    server 192.168.240.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "route 10.10.64.0  255.255.252.0"
    push "dhcp-option DNS xxx.xxx.xxx.xxx"
    duplicate-cn
    keepalive 10 120
    comp-lzo
    user openvpn
    group openvpn
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    log-append  /var/log/openvpn.log
    verb 4
    mute 20
    plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
    script-security 2
    auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env
    learn-address /etc/openvpn/scripts/log_clients_ip.sh
    
  • Sandra
    Sandra almost 12 years
    So OpenSWAN is not intended to offer many clients access a private network, but rather only host2host?
  • coredump
    coredump almost 12 years
    No, the thing is that OpenSWAN only creates a transport, doesn't deal with interfaces and stuff like this. You can create many ppp connections and all will be using the underlying IPSec created by OpenSWAN.