Background

I have a working OpenVPN setup right now, where users can connect the the private network at home with their computers.

However most phones only support IPSec, so I would like to offer the same service for phones with IPSec as I do for computers with OpenVPN.

Problem

I can't find any tutorials that describes how to configure OpenSWAN to offer a private IP to the client.

With my OpenVPN, clients have to provide a key and passphrase to get access.

Question

Can OpenSWAN be configured to give a private IP to the clients, similar to my OpenVPN setup?

OpenVPN config

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/secrets/server.crt
key /etc/openvpn/secrets/server.key
dh /etc/openvpn/secrets/dh1024.pem
server 192.168.240.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.64.0  255.255.252.0"
push "dhcp-option DNS xxx.xxx.xxx.xxx"
duplicate-cn
keepalive 10 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append  /var/log/openvpn.log
verb 4
mute 20
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
script-security 2
auth-user-pass-verify /etc/openvpn/scripts/check_cn_on_connect.sh via-env
learn-address /etc/openvpn/scripts/log_clients_ip.sh

Solution 1:

IPSec works differently than OpenVPN, I think you will not be able to do exactly the same with SWAN than you do with OpenVPN. There are OpenVPN clients for phones, but yes many of them only include ipsec clients.

What you probably want to do is to setup a tunnel with OpenSWAN and then use that tunneled connection to start a PPP connection/L2TP over it. That will be the part responsible to providing the 'client ip' to the road warriors. This is an article with some examples. The OpenSWAN site also has some quick info on it.

Remember also that IPSec in general is horrible dealing with NATs and that may increase the complexity of the setup.