Hi,
I'm currently starting with VPN and I'm not too sure what I can and what I can not do. Hope you guys could help me to clear a few things up.
1. I have VPS on Digital Ocean, Ubuntu 16.04
2. I've started a StrongSwan VPN on it.
3. I successfully connected to the server with my Windows client and my connections to the internet are routed via vps. It is vps's IP that I use outside. So that's fine.
4. What I'm actually trying to do is to make what I believe is called host-site connection.
5. I have a device with GSM modem and VPN capability. I successfully connected it to the VPN:
ipsec statusall:
Connections:
rw: %any...%any IKEv1 Aggressive, dpddelay=15s
rw: local: [my.vps.ip] uses pre-shared key authentication
rw: remote: uses pre-shared key authentication
rw: child: 172.17.0.0/16 === dynamic TUNNEL, dpdaction=clear
ikev2-vpn: %any...%any IKEv2, dpddelay=300s
ikev2-vpn: local: [159.89.10.55] uses public key authentication
ikev2-vpn: cert: "C=US, O=VPN Server, CN=myip"
ikev2-vpn: remote: uses EAP_MSCHAPV2 authentication with EAP identity '%any'
ikev2-vpn: child: 0.0.0.0/0 === dynamic TUNNEL, dpdaction=clear
Security Associations (1 up, 0 connecting):
rw[10]: ESTABLISHED 88 seconds ago, 159.89.x.x[159.89.x.x]...83.x.x.x[192.168.1.22]
rw[10]: IKEv1 SPIs: da54ad243ec56b10_i 4c86445740b464d6_r*, pre-shared key reauthentication in 7 hours
rw[10]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
***
What I can not do:
Device - - Internet - - VPN Gateway on OpenSwan - - Internet -- client
basically:
1. The client and the device are connected to the VPN independently and they are far apart.
2. StrongSwan routes the way between them acting as server.
Is that possible?
In all scenarios on the strongswan wiki, the gateway has two network interfaces. I have a feeling that this is crucial, but can anyone explain it to me a little more?
Thanks,
Bernie