Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Jon Blakely on August 06, 2003, 02:52:42 PM
-
I am trying to set up an IPSEC Roadwarrior type connection to my SME 5.6u4.
I have installed Free/SWAN 1.99 with the x509 cert patches. I am using SSH Sentinel 1.4 on the mobile computer. I can connect and get a tunnel to the SME but that is as far as it gets. I cannot ping or browse the network behind the SME.
Has anyone managed to get this type of connection working, and can they share their ipsec.conf configuration?
I would also be interested if anyone has managed to install an l2tp daemon on SME in conjunction with Free/SWAN and use the M$ ipsec/l2tp vpn client to connect remotely to an SME server.
PPTP connections work fine. I do not have a firewall before the SME.
I have to give a lecture on VPNs at a conference and at the same time I am going to demo SME server. I have been going around in circles reading any info I can find on Free/SWAN.
Cheers,
Jon
-
Jon,
Can't help you practically yet, but I was researching it with the idea of setting it up soon (gunna....).
Found a couple of what appeared to be sensible sites, including this one:
http://www.natecarlson.com/linux/ipsec-x509.php
Good luck, I would be interested in seeing how you go (and even a nice howto).
Trevor B
-
Also found this, which whilst it refers to a specific product, has a very in-depth discussion on connecting to freeswan.
http://www.ssh.com/documents/31/ssh_sentinel_14_freeswan.pdf
Trevor B
PS. How did you get the X509 cert support?
-
Trevor,
I've visited both those sites many times in my research.
I got pre-patched x509 freeswan rpms for SME5.6 kernel 2.4.18-5 at
http://download.freeswan.ca/freeswan-x509/RedHat-RPMs/2.4.18-5/
Jon
-
Anybody have any luck with this? I am considering trying this with SME 6.0-01. I have a freeswan tunnel running between two 6.0-01 boxes, and want to try logging in remotely from a different location, but not setting up a permanent tunnel.
-
OpenVPN works great for roadwarriors !
Have a look at:
http://sme.swerts-knudsen.dk/howtos/howto_30.htm
Peter
-
> OpenVPN works great for roadwarriors !
> Have a look at:
> http://sme.swerts-knudsen.dk/howtos/howto_30.htm
> Peter
Which is how I have gone crazybob
TrevorB
-
I am a little afraid to try the open vpn as I am not sure how it will affect the ipsec connection. I remember reading where a normal pptp connection into a box running freeswan will break the ipsec tunnel. Any insight into this?
Thanks
Bob
-
> I am a little afraid to try the open vpn as I am not sure how it will affect the ipsec connection. I remember reading where a normal pptp connection into a box running freeswan will break the ipsec tunnel. Any insight into this?
> Thanks
> Bob
Can't tell you from experience as I gave up on IPSEC and went wholly with OpenVPN, but OpenVPN uses its own ports and doesn't play with anything that I can see that would upset IPSEC connectivity.
Maybe someone else has 'real-life' experiences.
Can you test it on a test box?
Trevor B
-
Have you tried a site to site openvpn? I do not know if there is a how to for this on contribs.org. I am on an extremely slow connection, and it takes forever for a search to complete. If you know of a how to, please drop a note.
Thanks
bob
-
> Have you tried a site to site openvpn?
No,
I have only used it for 'road warriors' (me :-))
> I do not know if there is a how to for this on contribs.org. I am on an extremely slow connection, and it takes forever for a search to complete. If you know of a how to, please drop a note.
> Thanks
> bob
The howto at http://sme.swerts-knudsen.dk/howtos/howto_30.htm tells you how to setup OpenVPN in 'road warrior' mode.
For smeserver to smeserver mode, one smeserver will act as the 'server' and another as the 'client'. Once OpenVPN is installed it is just a matter of tweaking the config files.
Also, there is a lot of information available at http://OpenVPN.org
Trevor B
PS. I didn't actually follow swerts howto as I had already installed OpenVPN, but I did use his later RPMs. You can find a copy of my 'server' config at http://www.ibiblio.org/pub/Linux/distributions/smeserver/contribs/trevorb/beta/openvpn/
-
Thanks for the info, Trevor. I will be attempting to set up a site to site in the next couple of weeks, and will let you know how it goes. I plan on using Knuddi's and your configurations to try to get the client side configured.
Bob
-
Hi Crazybob.
Did you have any luck with your site-to-site openvpn?
Can you share any howto about getting it running?
Thanks, David.
-
For the time being, I am using the "roadwarrior" setup on openvpn. This works great. I will probably be trying to set up site to site later this summer. I hope to resolve how to have both site to site and roadwarrior on the same server.
Bob