Koozali.org: home of the SME Server

IPSEC Roadwarrior connection

Jon Blakely

IPSEC Roadwarrior connection
« on: August 06, 2003, 02:52:42 PM »
I am trying to set up an IPSEC Roadwarrior type connection to my SME 5.6u4.
I have installed Free/SWAN 1.99 with the x509 cert patches. I am using SSH Sentinel 1.4 on the mobile computer. I can connect and get a tunnel to the SME but that is as far as it gets. I cannot ping or browse the network behind the SME.
Has anyone managed to get this type of connection working who can share their ipsec.conf configuration?

I would also be interested if anyone has managed to install an l2tp daemon on SME in conjunction with Free/SWAN and use the M$ ipsec/l2tp vpn client to connect remotely to a SME server.

PPTP connections work fine. I do not have a firewall before the SME.

I have to give a lecture on VPNs at a conference and at the same time I am going to demo SME server. I have been going around in circles reading any info I can find on Free/SWAN.

Cheers,

Jon

TrevorB

Re: IPSEC Roadwarrior connection
« Reply #1 on: August 06, 2003, 04:02:03 PM »
Jon,

Can't help you practically yet, but I was researching it with the idea of setting it up soon (gunna....).

Found a couple of what appeared to be sensible sites, including this one:
http://www.natecarlson.com/linux/ipsec-x509.php

Good luck, I would be interested in seeing how you go (and even a nice howto).

Trevor B

TrevorB

Re: IPSEC Roadwarrior connection
« Reply #2 on: August 06, 2003, 04:10:47 PM »
Also found this, which whilst it refers to a specific product, has a very in-depth discussion on connecting to freeswan.

http://www.ssh.com/documents/31/ssh_sentinel_14_freeswan.pdf

Trevor B

PS. How did you get the X509 cert support?

Jon Blakely

Re: IPSEC Roadwarrior connection
« Reply #3 on: August 06, 2003, 05:28:55 PM »
Trevor,

I've visited both those sites many times in my research.

I got pre-patched x509 freeswan rpms for SME5.6 kernel 2.4.18-5 at

http://download.freeswan.ca/freeswan-x509/RedHat-RPMs/2.4.18-5/

Jon

crazybob

IPSEC Roadwarrior connection
« Reply #4 on: March 09, 2005, 06:59:00 PM »
Anybody have any luck with this? I am considering trying this with SME 6.0-01. I have a freeswan tunnel running between two 6.0-01 boxes, and want to try logging in remotely from a different location, but not setting up a permanent tunnel.
If you think you know what's going on, you obviously have no idea what's going on!

psc

IPSEC Roadwarrior connection
« Reply #5 on: March 10, 2005, 07:21:34 AM »
OpenVPN works great for roadwarriors !

Have a look at:

http://sme.swerts-knudsen.dk/howtos/howto_30.htm

Peter
First, solve the problem. Then, write the code.

TrevorB

IPSEC Roadwarrior connection
« Reply #6 on: March 10, 2005, 11:21:14 AM »
Quote from: "psc"
OpenVPN works great for roadwarriors !

Have a look at:

http://sme.swerts-knudsen.dk/howtos/howto_30.htm

Peter


Which is how I have gone, crazybob.

TrevorB

crazybob

IPSEC Roadwarrior connection
« Reply #7 on: March 10, 2005, 06:25:01 PM »
I am a little afraid to try the open vpn as I am not sure how it will affect the ipsec connection. I remember reading where a normal pptp connection into a box running freeswan will break the ipsec tunnel. Any insight into this?

Thanks

Bob
If you think you know what's going on, you obviously have no idea what's going on!

TrevorB

IPSEC Roadwarrior connection
« Reply #8 on: March 10, 2005, 11:05:00 PM »
Quote from: "crazybob"
I am a little afraid to try the open vpn as I am not sure how it will affect the ipsec connection. I remember reading where a normal pptp connection into a box running freeswan will break the ipsec tunnel. Any insight into this?

Thanks

Bob

Can't tell you from experience as I gave up on IPSEC and went wholly with OpenVPN, but OpenVPN uses its own ports and doesn't play with anything that I can see that would upset IPSEC connectivity.

Maybe someone else has 'real-life' experiences.

Can you test it on a test box?

Trevor B

crazybob

IPSEC Roadwarrior connection
« Reply #9 on: March 11, 2005, 03:18:42 AM »
Have you tried a site to site openvpn? I do not know if there is a how to for this on contribs.org. I am on an extremely slow connection, and it takes forever for a search to complete. If you know of a how to, please drop a note.

Thanks

bob
If you think you know what's going on, you obviously have no idea what's going on!

TrevorB

IPSEC Roadwarrior connection
« Reply #10 on: March 13, 2005, 09:36:31 AM »
Quote from: "crazybob"
Have you tried a site to site openvpn?

No,
I have only used it for 'road warriors' (me :-))

Quote
I do not know if there is a how to for this on contribs.org. I am on an extremely slow connection, and it takes forever for a search to complete. If you know of a how to, please drop a note.

Thanks

bob

The howto at http://sme.swerts-knudsen.dk/howtos/howto_30.htm tells you how to set up OpenVPN in 'road warrior' mode.
For smeserver to smeserver mode, one smeserver will act as the 'server' and another as the 'client'. Once OpenVPN is installed it is just a matter of tweaking the config files.

Also, there is a lot of information available at http://OpenVPN.org

Trevor B
PS. I didn't actually follow swerts' howto as I had already installed OpenVPN, but I did use his later RPMs. You can find a copy of my 'server' config at http://www.ibiblio.org/pub/Linux/distributions/smeserver/contribs/trevorb/beta/openvpn/

crazybob

IPSEC Roadwarrior connection
« Reply #11 on: March 13, 2005, 01:40:40 PM »
Thanks for the info, Trevor. I will be attempting to set up a site to site in the next couple of weeks, and will let you know how it goes. I plan on using Knuddi's and your configurations to try to get the client side configured.

Bob
If you think you know what's going on, you obviously have no idea what's going on!

dmajwool

IPSEC Roadwarrior connection
« Reply #12 on: May 20, 2005, 02:15:33 PM »
Hi Crazybob.

Did you have any luck with your site-to-site openvpn?  
Can you share any howto about getting it running?

Thanks, David.

crazybob

IPSEC Roadwarrior connection
« Reply #13 on: May 22, 2005, 02:41:23 AM »
For the time being, I am using the "roadwarrior" setup on openvpn. This works great. I will probably be trying to set up site to site later this summer. I hope to resolve how to have both site to site and roadwarrior into the same server.

Bob
If you think you know what's going on, you obviously have no idea what's going on!