Using Openswan on the server end is quite easy. You have all the logs of the incoming connection, and you know what your connection parameters for the clients are supposed to be. Using Openswan as a client on the other hand can be very hard. Often the server in such cases is a non-Openswan system and usually the VPN server logs are not available. People trying to use Openswan as a client to connect to these systems usually do not have the cooperation of the system administrator on the other end. The best source of tips and information in these cases is usually to have a look at the configuration of other clients using the same setup.
For Cisco's VPN client for example, you usually get a PCF file from the administrator of the Cisco Concentrator. In the Openswan contrib
directory is a utility that will try to convert these files to ipsec.conf
syntax.
Usually these VPN appliances are set up in a very strict way. They will want the first IKE packet to contain...