Book Image

Openswan: Building and Integrating Virtual Private Networks

By : Ken Bantoft, Paul Wouters
Book Image

Openswan: Building and Integrating Virtual Private Networks

By: Ken Bantoft, Paul Wouters

Overview of this book

<p>With the widespread use of wireless and the integration of VPN capabilities in most modern laptops, PDA's and mobile phones, there is a growing desire for encrypting more and more communications to prevent eavesdropping. Can you trust the coffee shop's wireless network? Is your neighbor watching your wireless? Or are your competitors perhaps engaged in industrial espionage? Do you need to send information back to your office while on the road or on board a ship? Or do you just want to securely access your MP3's at home? IPsec is the industry standard for encrypted communication, and Openswan is the de-facto implementation of IPsec for Linux.</p> <p>Whether you are just connecting your home DSL connection with your laptop when you're on the road to access your files at home, or you are building an industry size, military strength VPN infrastructure for a medium to very large organization, this book will assist you in setting up Openswan to suit those needs.</p> <p>The topics discussed range from designing, to building, to configuring Openswan as the VPN gateway to deploy IPsec using Openswan. It not only for Linux clients, but also the more commonly used Operating Systems such as Microsoft Windows and MacOSX. Furthermore it discusses common interoperability examples for third party vendors, such as Cisco, Checkpoint, Netscreen and other common IPsec vendors.</p> <p>The authors bring you first hand information, as they are the official developers of the Openswan code. They have included the latest developments and upcoming issues. With experience in answering questions on a daily basis on the mailing lists since the creation of Openswan, the authors are by far the most experienced in a wide range of successful and not so successful uses of Openswan by people worldwide.</p>
Table of Contents (22 chapters)
Building and Integrating Virtual Private Networks with Openswan
Credits
About the Authors
Acknowledgements
About the Reviewers
Preface

WaveSEC for Windows


The problem with Windows is that we do not control any part of the DHCP or IPsec subsystem on the clients. We cannot hook Openswan additions into Windows, so we are left with the normal features of this OS.

The WaveSEC for Windows solution consists of two parts. The first part securely obtains an X.509 Certificate generated on the fly. The second part negotiates an IPsec tunnel to the default gateway, which will carry all the traffic.

We use a redirect to a web server using SSL for this part, similar to how hotspots redirect you to their login page. To make things easier, we provide a tool to import the X.509 Certificate called certimport.exe. We also use a tool to make configuration of the Windows IPsec tunnel easier. This freely available tool, called lsipsectool.exe, is available on SourceForge.net. It provides a clear interface, and a tray icon, and takes care of shutting down the connection for us.

This solution of adding software onto the Windows machines is far from...