Basic Openswan question

Hi Paul,

I'm new to IPSec and it's true, i'm a bit confused. I know
that IPSec operates on two modes, tunnel and transport mode.


I managed to secure the connection to the terminal server in
WinXP -> Win 2k3 server and i didn't have to specify a
VPN. In the win2k3 server machine i configure the IPSec
policy to receive only IPSec traffic (using certificates) on
the TCP port 3389 (for terminal server) for all the
connections. And from the client side (Win XP) i specify to
use IPSec with certificate for all the traffic going out to
TCP 3389. In this way someone can connect to the terminal
server from any place and still can connect as far as (s)he
has the right certificates. To be honest with you i don't
know which mode this is (sorry for my ignorance).

The problem is that this i have to do from linux thin
clients as well, and that's why i wanted to use Openswan.
But from whatever i red is that there should be two gateways
(A and B) connected with the VPN... 

Thanks a lot and sorry for the trouble
,Ladi
 

---------------------

If you can't be a highway, be a trail. If you can't be the
sun, be a star. It is not by size, that you win or fail. Be
the best of what you are!

----- Original Message ----
From: Paul Wouters <paulxelerance.com>
To: Ladi <mafjayahoo.com>
Cc: usersopenswan.org
Sent: Tuesday, November 28, 2006 11:31:16 PM
Subject: Re: [Openswan Users] Basic Openswan question

On Mon, 27 Nov 2006, Ladi wrote:

>
> When implementing IPSec in windows you can choose if
you want to create a VPN or not. This doesn't seem to be the
case with Openswan. I hope it will be implemented in the
future.

I have no idea what you mean? IPsec comes in various modes,
the most
obvious two being Transport Mode and Tunnel Mode.  VPN's use
Tunnel Mode,
while L2TP/IPsec uses Transport Mode. Perhaps you are
referring to this?
Openswan supports both.

If you are referring to non-ipsec connections, you would
mean PPTP, which
is implemented in different software on linux, called
pptp-linux.

Paul





 
____________________________________________________________
________________________
Yahoo! Music Unlimited
Access over 1 million songs.
http://music.yahoo.c
om/unlimited
_______________________________________________
Usersopenswan.org
http
://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with
Openswan: 
http://www.amazon.com/gp/product/1904811
256/104-3099591-2946327?n=283155

On Tue, 28 Nov 2006, Ladi wrote:

> I'm new to IPSec and it's true, i'm a bit confused. I
know that IPSec operates on two modes, tunnel and transport
mode.
>
> I managed to secure the connection to the terminal
server in WinXP -> Win 2k3 server and i didn't have to
specify a VPN. In the win2k3 server machine i configure the
IPSec policy to receive only IPSec traffic (using
certificates) on the TCP port 3389 (for terminal server) for
all the connections. And from the client side (Win XP) i
specify to use IPSec with certificate for all the traffic
going out to TCP 3389. In this way someone can connect to
the terminal server from any place and still can connect as
far as (s)he has the right certificates. To be honest with
you i don't know which mode this is (sorry for my
ignorance).

If it is ipsec, it is a transport mode or tunnel mode ipsec
connection. Sniff between the machines and see what you
find.
I'm pretty sure it will not be port 3389 if it is using
ipsec policies.

Paul
_______________________________________________
Usersopenswan.org
http
://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with
Openswan: 
http://www.amazon.com/gp/product/1904811
256/104-3099591-2946327?n=283155