I purchased the Business version of IPSec, for home use. I'd like to be able to connect to home while I'm on the road. I can fill out 1/2 of the info on the "new connection" screen for the IPSec setup, but I don't know the rest of the "remote" section since the network I'm going to be on will always be changing. Can someone help me figure out how to set up this roadwarrior setup?
Thanks,
B
Responses (12)
-
Accepted Answer
The three different packages available to configure IPsec all cater for LAN-LAN connections and not roadwarrior. Your best bet is OpenVPN. With IPsec (Openswan), for road warriors you need to install and configure xl2tpd as well and it will be a fully manual configuration. If the IPsec package has switched to Libreswan, then have a look on their site for how to do a roadwarrior connection. I think their example uses certificates but you can probably also do it with PSKs.
The pain-free way is OpenVPN. -
Accepted Answer
Nick,
thanks for clarifying this one.
I've a similar setup, though I got an IPSec (static route) already running and stability testing through days of pinging the IP. Good so far and almost a purchase for me...!
BUT: if I have this static IPsec route running, how can I connect my 4-5 road warriors additionally onto the same server? Just install OpenVPN and keep it running with Static IPsec at the same time?
Or is it that only one can coexist to each other?
Thanks in advance!!! -
Accepted Answer
Nick Howitt wrote:
Because your local and remote subnets are adjacent and in the same /23 subnet, you can't use my cute way. I'll post more detailed instructions later today as I need to test one thing.
Nick,
I can definitely still change the remote subnet to whatever would be needed. I just have to get these road warriors on board ... somehow.
I would post this job on guru.com if you like to help me!
Cheers
Sascha -
Accepted Answer
Just got home and tested.
The cute/easy way is to put your OpenVPN subnet (in /etc/openvpn/clients.conf) and your LAN subnet on adjacent subnets which can then form part of a larger subnet. As an example you could switch your LAN subnet to 10.8.1.0/24. Then in IPsec your local subnet becomes 10.8.0.0/23 and your remote one stays as 192.168.131.0/24. Then in /etc/clearos/network.conf set EXTRALANS to 192.168.131.0/24. Then restart OpenVPN and everything should work. Alternatively move OpenVPN to 192.168.131.0/24 then in IPsec your local LAN becomes 192.168.130.0/23. You would then choose something else for your remote LAN and put that something else into EXTRALANS in /etc/clearos/network.conf and restart OpenVPN. Make the remote IPsec configuration match your local one. I hope you get the picture. The key thing is to get your local LAN onto an adjacent subnet to the OpenVPN LAN such that they form part of a larger subnet.
If you don't want to change your LANs you don't have to. Unfortunately the Webconfig IPsec interface does not support multiple LANs in the local/remote subnet lines even though the underlying package, libreswan, does. You can go to a manual configuration (but it uses a slightly different syntax for multiple LANs), but you can also get round it with the webconfig. In the webconfig you have to create an identical connection to your current LAN/LAN connection, only changing the name and the local subnet which you set to your OpenVPN subnet (10.8.0.0/24). Again, mirror this at the remote end. It is essential that the PSKs of both connections are the same. As before, in /etc/clearos/network.conf set EXTRALANS to 192.168.131.0/24 and restart OpenVPN. -
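The subnet arithmetic behind the two approaches in the post above, as an added example that is not part of the thread or of ClearOS. The function name `plan_local_subnets` and its return keys are hypothetical; the first sample row uses the addresses from the post and the second is constructed.

```python
import ipaddress


def plan_local_subnets(lan, openvpn, remote):
    """Work out the IPsec local subnet(s) needed to carry LAN + OpenVPN traffic."""
    lan, openvpn, remote = (ipaddress.ip_network(n) for n in (lan, openvpn, remote))

    # The three ranges must be disjoint or routing over the tunnel is ambiguous.
    for a, b in ((lan, openvpn), (lan, remote), (openvpn, remote)):
        if a.overlaps(b):
            raise ValueError(f"{a} overlaps {b}")

    # The only range that merges with the LAN into one larger subnet is the
    # other half of the LAN's supernet (10.8.1.0/24 -> 10.8.0.0/24).
    merged = lan.supernet()
    sibling = next(s for s in merged.subnets() if s != lan)

    plan = {"extralans": str(remote)}  # goes into EXTRALANS, as in the post
    # If the remote LAN already sits in that half, the easy way is unavailable.
    plan["openvpn_for_easy_way"] = None if sibling.overlaps(remote) else str(sibling)

    if openvpn == sibling:
        plan["local_subnets"] = [str(merged)]             # one connection
    else:
        plan["local_subnets"] = [str(lan), str(openvpn)]  # two connections, same PSK
    return plan


if __name__ == "__main__":
    # Row 1: addresses from the post. Row 2: constructed, remote LAN next to the LAN.
    for args in (("10.8.1.0/24", "10.8.0.0/24", "192.168.131.0/24"),
                 ("192.168.130.0/24", "10.8.0.0/24", "192.168.131.0/24")):
        print(args, "->", plan_local_subnets(*args))
```
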
Accepted Answer
We are considering upgrading our ClearOS 6 machine to 7, and I saw this offered as a $25 addon to the subscription.
I need to get my users onto their office desktops from home or the road. Right now we use port forwarding, which works fine but is not very secure.
From the description in this thread, I'm guessing this is way too complicated for our needs.
Is there any way I can give my users access using the Windows Remote Desktop app, but with better security than forwarding ports through our gateway, that doesn't require elaborate setup on their home machines? -
Accepted Answer
Hi Greg,
IPsec within ClearOS is only really for LAN-LAN connections. You can set up libreswan on your own for roadwarriors using IKEv2 but you can't use the ClearOS webconfig as it is missing a setting or two.
The only real VPN alternatives are PPTP and OpenVPN. PPTP is not so secure these days but has the advantage it is built into many OSes and in Windoze can cache the password allowing an autoconnect. OpenVPN is more secure. If you need, it is very easy to unbolt the user/pass bit so it only needs certificates to connect and this is probably not much different to Windoze caching the password. If you do this, the PC can automatically connect on boot up if you set the service to start, otherwise it will automatically connect when you start the OpenVPN GUI without prompting for a password.