DaemonForums  

  #1   (View Single Post)  
Old 28th November 2013
marciorufino01 marciorufino01 is offline
New User
 
Join Date: Nov 2013
Posts: 8
Thanked 0 Times in 0 Posts
access between two VPNs

Hello,

I have a VPN between the company where I work and a government agency. Externally, some employees of the company access my environment via OpenVPN. I would like these employees to be able to access this government network. I have tried various settings without success. The structure of the environment follows:

host government: 10.10.10.100
openvpn ip: 192.168.50.25
openvpn interface: tun0
internal interface ip: 172.16.1.1

nat on tun0 from 192.168.50.25 to 10.10.10.100 -> 172.16.1.1

Would it be necessary to set something in /etc/isakmpd/isakmpd.conf referring to that OpenVPN network?
Would the problem be in the syntax of the nat rule?

Thanks!
  #2   (View Single Post)  
Old 28th November 2013
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,674
Thanked 214 Times in 189 Posts

Hello, and welcome.

OpenVPN is one of the wide variety of SSL-based VPN implementations. OpenVPN differs from most of the other SSL-based VPNs in three key ways:
  • It is free and open source.
  • It is portable, and is available for many OSes.
  • It can be deployed through many different network configurations, as it tunnels within UDP or TCP.
OpenVPN is available on OpenBSD, as a third party port/package.

Unfortunately I have not used OpenVPN in about 20 years, so I am unable to assist with your implementation problem.

You're asking about isakmpd.conf(5). That is a configuration file for isakmpd(8), which is used with IPSec, an entirely different VPN technology than OpenVPN. IPSec has its own protocols, and an introduction can be found in ipsec(4).
  #3   (View Single Post)  
Old 28th November 2013
marciorufino01 marciorufino01 is offline
New User
 
Join Date: Nov 2013
Posts: 8
Thanked 0 Times in 0 Posts

Hello jggimi,
My VPN between the company where I work and a government agency is set up with IPsec. That is why I mentioned isakmpd.conf.
  #4   (View Single Post)  
Old 28th November 2013
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,674
Thanked 214 Times in 189 Posts

Thank you. Unfortunately, with the information you have provided so far, all I can suggest is that you must establish SAs and flows between the virtual IP address pool used with OpenVPN and your government's network(s). I don't have enough information to tell you whether or not NAT should or should not be a component of the configuration.

I have not dealt with OpenVPN in decades, and I use ipsec.conf(5) to establish SAs and flows with isakmpd(8) rather than isakmpd.conf(5) and isakmpd.policy(5). Even if you decided to disclose more information, I might still not be able to help.

Last edited by jggimi; 28th November 2013 at 04:51 PM. Reason: added sentence for NAT
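The flow described in post #4, sketched as an added ipsec.conf(5) example that is not part of the thread or either poster's configuration. It assumes the tunnel is managed with ipsec.conf(5), that the OpenVPN pool is 192.168.50.0/24 (the thread gives only 192.168.50.25), and it uses 203.0.113.1 as a placeholder for the agency's gateway; whether NAT belongs in the setup is left open, as in the post.

```conf
# /etc/ipsec.conf -- added example, see ipsec.conf(5)
#
# Assumptions (not from the thread):
#   ovpn_pool  the OpenVPN virtual address pool; only 192.168.50.25 is
#              given in the thread, a /24 around it is assumed here
#   gov_peer   PLACEHOLDER documentation address for the agency's IPsec
#              gateway; replace with the real peer address
ovpn_pool = "192.168.50.0/24"
gov_host  = "10.10.10.100"     # government host, from post #1
gov_peer  = "203.0.113.1"      # placeholder, not a real gateway

# Ask isakmpd(8) to negotiate SAs and install a flow so that traffic
# from the OpenVPN pool to the government host is selected for the
# tunnel. The agency's gateway must define the mirror-image flow
# (10.10.10.100 -> 192.168.50.0/24) or the negotiation will not match.
ike esp from $ovpn_pool to $gov_host peer $gov_peer
```

`ipsecctl -n -f /etc/ipsec.conf` checks the file without loading it, and `ipsecctl -sa` lists the flows and SAs that are actually installed.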
  #5   (View Single Post)  
Old 28th November 2013
marciorufino01 marciorufino01 is offline
New User
 
Join Date: Nov 2013
Posts: 8
Thanked 0 Times in 0 Posts

jggimi, no problem!