Manual Site to Site Tunnels with ClearOS and IPSec
This document is intended to be used as a general layout and design guide for creating manual IPSec VPN tunnels using ClearOS' OpenSwan implementation. The purpose is two-fold: 1) to lay out a framework for an eventual modification to ClearOS' IPSec VPN to support different VPN technology providers who implement the open standards exchange via IPSec, and 2) to provide a manual process for implementing secure tunnels via IPSec.
Technology Overview
IPSec is a virtual private network (VPN) technology which can be used for site-to-site network tunnels between trusted networks or to connect a single host using X.509 certificate authentication or L2TP. IPSec is about as fast as PPTP but is more effective than PPTP for the following reasons:
- IPSec can terminate entire networks or clients (PPTP can only do clients)
- IPSec's encryption is secure whereas PPTP has security holes (especially when the entire session is captured)
IPSec also has advantages and disadvantages when compared to OpenVPN.
Advantages:
- IPSec support comes natively on all major operating systems (Windows, Mac OSX, Linux,