Openswan/Freeswan & NCP Secure Client
This thread is now closed
dimante, Sat Apr 05 2008, 09:53AM
A lot of customers opt to use their existing Open/Freeswan VPN Servers in conjunction with our VPN Client, and this is no problem. Please bear in mind that NCP also provides an IPsec and feature-rich VPN gateway ("Secure Server") for Linux (SuSE & RedHat / Fedora).

You may also be interested to know that we have the same client available for Linux platforms (primarily SuSE and RedHat/Fedora), as well as for PDAs running on PocketPC2002/3.

Below there's an example configuration (which is to be used as a starting point, please refer to the URLs listed at the end of the document for further information on how to implement other features as this is by no means a 'full configuration'). In this test set up, the VPN server "vpn-gw01" is listening on 22.23.24.25. (Please also have a look at a document on our website with how to configure the client: http://www.ncp.de/fileadmin/pdf/service_support/NCP_QCG_Entry_Client_VPNC.pdf)

The items within the < and > are variables you need to enter, such as passwords. This configuration assumes you're using certificates as a basis to authenticate with. Unfortunately there isn't an example on how to configure it with the use of pre-shared keys. If you are not familiar with how to create the certificates, please refer to http://www.natecarlson.com/linux/ipsec-x509.php#gencert which nicely outlines how to do this on a Linux box.


Two files that need to be configured: ipsec.secrets and ipsec.conf

[root@vpn-gw01]# less /etc/ipsec.secrets
#
# IPSEC SECRET FILE
#
%any 22.23.24.25 : RSA vpngw.key ""
#

[root@vpn-gw01]# less /etc/ipsec.conf
# /etc/ipsec.conf - Openswan IPsec configuration file
version 2.0 # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    interfaces=ipsec0=eth1
    #interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:x.x.x.x/24 # x.x.x.x internal network
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    plutodebug="control parsing"

# Add connections here
# Defaults inherited by every conn below
conn %default
    keyingtries=1
    compress="no" # this should now be supported, so "yes" is possible
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert
    left=22.23.24.25
    leftcert=vpngw.pem # vpngw.pem is the server's certificate

# Road warriors reaching the internal network only
conn roadwarrior-net
    leftsubnet=x.x.x.x/24 # x.x.x.x internal network
    also=roadwarrior

# Road warriors sending all traffic through the tunnel
conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior

conn roadwarrior
    right=%any
    rightsubnet=vhost:%no,%priv
    # with right=%any the gateway cannot initiate; auto=add would load the conn without trying
    auto=start
    pfs=yes

include /etc/ipsec.d/examples/no_oe.conf

[root@vpn-gw01 /]#


Other links that may be helpful:
http://www.openswan.org/docs/local/README.x509
http://wiki.openswan.org/index.php/Configuring
http://www.natecarlson.com/linux/ipsec-x509.php#configgw


Disclaimer
Although considerable care has been taken in the preparation of this document, errors in content, typographical or otherwise, may occur. If you have any comments or recommendations concerning the accuracy, then please contact NCP as desired.
NCP makes no representations or warranties with respect to the contents or use of this document, and explicitly disclaims all expressed or implied warranties of merchantability or use for any particular purpose. Furthermore, NCP reserves the right to revise this publication and to make amendments to the content, at any time, without obligation to notify any person or entity of such revisions and changes.

Trademarks
All trademarks or registered trademarks appearing in this manual belong to their respective owners.

© 2005 NCP Engineering GmbH. All rights reserved.
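
The following is an added example, not part of the original post or of NCP's document: a small Python check that resolves what each conn in the ipsec.conf above actually ends up with once %default and also= are applied, and flags a conn that accepts any peer without certificate authentication. The function names, the simplified comment handling and the precedence order (own keys, then the also= target, then %default) are assumptions of this sketch; SAMPLE is a constructed excerpt of the posted file.

```python
SAMPLE = """\
conn %default
    authby=rsasig      # certificate authentication, as in the post
conn roadwarrior-net
    leftsubnet=x.x.x.x/24
    also=roadwarrior
conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior
conn roadwarrior
    right=%any
    pfs=yes
"""  # constructed excerpt of the ipsec.conf in the post

def parse(text):
    """Return {conn_name: {key: value}}; non-conn sections and directives are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # simplified comment handling
        if line.strip() and not line[0].isspace():  # unindented: header or directive
            kind, *rest = line.split()
            current = conns.setdefault(rest[0], {}) if kind == "conn" and rest else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return conns

def effective(conns, name, seen=()):
    """Assumed precedence: the conn's own keys, then its also= target, then %default."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = dict(conns[name])
    merged = dict(conns.get("%default", {}))
    target = own.pop("also", None)                # one also= per conn, as in the post
    if target:
        merged.update(effective(conns, target, seen + (name,)))
    merged.update(own)
    return merged

def audit(conns):
    """Map each conn to (leftsubnet or None, deviations from the post's settings)."""
    report = {}
    for name in (n for n in conns if n != "%default"):
        conf = effective(conns, name)
        issues = []
        if conf.get("right") == "%any" and conf.get("authby") != "rsasig":
            issues.append("any peer accepted without certificate authentication")
        if conf.get("pfs", "yes") != "yes":       # pfs defaults to yes
            issues.append("pfs disabled")
        report[name] = (conf.get("leftsubnet"), issues)
    return report
```

Calling audit(parse(open("/etc/ipsec.conf").read())) lists every conn with the left subnet it offers; a value of None means the conn has no leftsubnet of its own and covers only the gateway address.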