Converting from FreeSwan?

gossamer
OpenVpn Newbie
Posts: 2
Joined: Thu Jan 06, 2011 2:20 am

Converting from FreeSwan?

Post by gossamer » Thu Jan 06, 2011 2:29 am

Hi,

I have an existing freeswan (I had written openswan in error previously) installation on an older version of Linux that I'd like to migrate to Fedora FC14.

How difficult would it be to migrate the information to be used with openvpn?

I have a net-to-net configuration, as well as road warriors on one side. How much of the information will be reusable and what will I have to recreate? I'm not really very knowledgeable about VPNs, but have a basic understanding.

What problems will I encounter when doing a conversion? Is there an existing set of steps detailed somewhere? I didn't have much luck searching online for info. Will I be able to convert one side and test connectivity with the other, or will both sides have to be converted at the same time?

What information can I provide to assist with this process?

Thanks so much,
Alex

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Converting from FreeSwan?

Post by gladiatr72 » Thu Jan 06, 2011 4:23 pm

Hello, Alex,

FreeSWAN and OpenVPN are similar only in that proper configuration and deployment results in similar functionality. If you are using properly signed certificates (not self-signed) with your current setup, those certificates will likely function with OpenVPN as well.

Once you have a handle on how you want OpenVPN to work in your environment, you can easily deploy it on the same system that is currently serving IPSec connectivity and migrate your road warriors away from IPSec. Since you're not a VPN wiz, I would encourage you to do your configuration testing on systems other than your production VPN concentrator. OpenVPN will make modifications to your routing tables, so you will want to have a handle on what it is doing relative to what you currently have before putting those two cats in the same closet.

Assuming you've thought out why you want to migrate, I find OpenVPN to be a much less constrictive system to work with while providing a good, strong crypto framework for protecting data and linking remote sites together.

Let us know if you run into any roadblocks after you've gotten your initial configuration in place. Most questions can be answered from the documentation page (http://openvpn.net) and there are also the openvpn mailing lists.

Good luck!

Regards,
Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole

gossamer
OpenVpn Newbie
Posts: 2
Joined: Thu Jan 06, 2011 2:20 am

Re: Converting from FreeSwan?

Post by gossamer » Thu Jan 06, 2011 5:50 pm

gladiatr72 wrote:
> Hello, Alex,
>
> FreeSWAN and OpenVPN are similar only in that proper configuration and deployment results in similar functionality. If you are using properly signed certificates (not self-signed) with your current setup, those certificates will likely function with OpenVPN as well.

What is the difference between self-signed and properly signed? They weren't signed by a cert authority, if that's what you mean...

> Let us know if you run into any roadblocks after you've gotten your initial configuration in place. Most questions can be answered from the documentation page (http://openvpn.net) and there are also the openvpn mailing lists.

Are there any menu-based programs to assist with the process?

I'm sure this is documented in the reference you provided, but thought it might be a good way to get started quickly and for something to focus my reading on.

Thanks again,
Alex

gladiatr72
Forum Team
Posts: 194
Joined: Mon Dec 13, 2010 3:51 pm
Location: Lawrence, KS

Re: Converting from FreeSwan?

Post by gladiatr72 » Thu Jan 06, 2011 7:17 pm

> What is the difference between self-signed and properly signed? They weren't signed by a cert authority, if that's what you mean...

Exactly. I have never found a good GUI system for dealing with a certificate authority; however, the easy-rsa scripts distributed with the openvpn source code work very well. There are two versions distributed with openvpn (versions 1 and 2). I use version 2 and have successfully maintained our internal certificate authority for the last couple years. A summary of its functionality can be found at http://openvpn.net/index.php/open-sourc ... ement.html

-Stephen
[..]I used to think it was awful that life was so unfair. [...]Wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? -Marcus Cole
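
The self-signed versus CA-signed distinction discussed in this thread can be checked with openssl before deciding whether existing certificates are reusable. The script below is an added example, not code from either poster or from the OpenVPN project; the function names `classify_cert` and `make_demo_pki`, the file names and the throwaway demo PKI are all constructed for illustration.

```sh
#!/bin/sh
# Added example: classify a PEM certificate relative to a CA certificate.
# classify_cert and make_demo_pki are hypothetical helper names.

# Prints "self-signed" when issuer and subject are the same name,
# "ca-signed" when the certificate verifies against the given CA file,
# and "unverified" otherwise.
classify_cert() {
    cert=$1
    ca=$2
    subj=$(openssl x509 -in "$cert" -noout -subject_hash) || return 2
    issr=$(openssl x509 -in "$cert" -noout -issuer_hash) || return 2
    if [ "$subj" = "$issr" ]; then
        echo "self-signed"
    elif openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "ca-signed"
    else
        echo "unverified"
    fi
}

# Builds constructed sample material in directory $1: a throwaway CA,
# a gateway certificate issued by it, and a self-signed road-warrior cert.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=gateway" \
        -keyout "$d/gw.key" -out "$d/gw.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/gw.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/gw.crt" 2>/dev/null || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=roadwarrior" \
        -keyout "$d/rw.key" -out "$d/rw.crt" 2>/dev/null || return 1
}

# Demo run on the constructed material.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
for c in gw rw; do
    printf '%s.crt: %s\n' "$c" "$(classify_cert "$demo_dir/$c.crt" "$demo_dir/ca.crt")"
done
rm -rf "$demo_dir"
```

To check real certificates, call `classify_cert` with the certificate file and the CA certificate you intend to trust.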
