Connection OpenVPN with IPSec

eugen55ro

Guest
Hi,

I have a problem and I have not found the solution ... does anyone have any idea ...

The situation is like this:

I have two servers connected with Openswan (IPSec tunnel);

From the PC behind the first server I can connect to PCs behind the second server.

On the first server I have a tun0 interface (OpenVPN) that I use to connect to the first server from outside the network.

The problem is:

How do I connect from outside through OpenVPN (tun0) to PCs behind the second server (connected via IPsec to the first)?

Interfaces (first server):

eth0 (WAN) IP: 111.111.111.111 (example)

eth1 (LAN) IP: 192.168.10.1

ipsec0 (IPsec) IP: 111.111.111.111 (same WAN)

tun0 (OpenVPN) IP: 10.8.0.1

LAN class second server: 192.168.20.0/24

I attached a scheme to understand better...

Thanks in advance for your help.



Post your ipsec.conf files from both ends of the VPN. I will take a look.
 
One key advantage of OpenVPN over IPsec is that some firewalls don't let ipsec traffic through but do let OpenVPN's UDP packets or TCP streams travel without hindrance. For ipsec to function, your firewall either needs to be aware of (or needs to ignore and route without knowing what it is) packets of the IP protocol types ESP and AH as well as the more ubiquitous trio (TCP, UDP and ICMP). Of course you might find some corporate environments the other way around: allowing ipsec through but not OpenVPN, unless you do something crazy like tunneling it via HTTP, so it depends on your intended environments.
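
Added example, not part of any post in this thread: the Python sketch below reads the protocol field of constructed IPv4 headers and evaluates them against two hypothetical firewall policies, one that only knows TCP, UDP and ICMP and one that also permits ESP and AH. The policy names, sample labels and addresses (documentation ranges) are assumptions made for illustration.

```python
import socket
import struct

# IANA-assigned IP protocol numbers for the types named in the post above.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}

# Hypothetical policies: a firewall that only passes the "ubiquitous trio",
# and the same firewall once ESP and AH are permitted.
TRIO_ONLY = {1, 6, 17}
IPSEC_AWARE = TRIO_ONLY | {50, 51}


def ipv4_header(proto, src, dst):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum 0)."""
    ver_ihl = (4 << 4) | 5  # version 4, header length 5 x 32-bit words
    return struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def ip_protocol(packet):
    """Return the protocol number stored in byte 9 of an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return packet[9]


def verdict(packet, allowed):
    """Classify one packet as (protocol name, 'pass' or 'drop')."""
    proto = ip_protocol(packet)
    name = PROTO_NAMES.get(proto, f"proto-{proto}")
    return name, ("pass" if proto in allowed else "drop")


# Constructed sample traffic between two documentation-range addresses.
SAMPLES = {
    "openvpn-udp": ipv4_header(17, "198.51.100.7", "203.0.113.1"),
    "openvpn-tcp": ipv4_header(6, "198.51.100.7", "203.0.113.1"),
    "ipsec-esp": ipv4_header(50, "198.51.100.7", "203.0.113.1"),
    "ipsec-ah": ipv4_header(51, "198.51.100.7", "203.0.113.1"),
}


def evaluate(allowed):
    """Return the verdict for every sample packet under one policy."""
    return {label: verdict(pkt, allowed) for label, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for policy_name, policy in (("trio-only", TRIO_ONLY), ("ipsec-aware", IPSEC_AWARE)):
        for label, (name, action) in evaluate(policy).items():
            print(f"{policy_name:12} {label:12} {name:4} {action}")
```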
 
IPSec is a set of protocols which operate at the network layer of the OSI model - it protects the data sent between two endpoints by encrypting the IP traffic. Generally, IPSec requires dedicated hardware and/or software ("client" software) and specific knowledge to configure it properly, and is therefore quite expensive to implement.
 
In Debian, to make an IPsec tunnel I use the packages Racoon and ipsec-tools.
 
Hi Eugen55ro, how did you resolve this? I am also facing the same issue, please explain it to me.
 
