<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=windows-1251"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<blockquote cite="mid:4818C119.2010309@in.if.ua" type="cite"><font
size="-1"><font face="Tahoma">
<blockquote type="cite">
<pre><blockquote type="cite"><font><font><font size="-1"><font
face="Tahoma"><pre><i>I wonder if someone can answer on the question: Can 192.168.14.0/24 be used on the client side if 192.168.0.0/20 is used on the
</i>server side?</pre></font></font></font></font></blockquote>General routing rules apply.
As long as there are no 192.168.14.0/24 hosts in the 192.168.0.0/20 subnet then everything will work fine,
as ip routing will choose the most specific route for each packet. For example:
192.168.0.0/20 (bad subnet: 192.168.14.0/24) (ok subnets: 192.168.0.0/21, 192.168.8.0/22, 192.168.12.0/23, 192.168.15.0/24)
        |
[openswan server]
        |
Internet
        |
[remote router]
        |
192.168.14.0/24
        |
[l2tp (windows/mac/linux) client]
You may also need to set one of the following on the server:
        
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.44.68.0/24,%v4:!192.168.0.0/20,%v4:192.168.14.0/24,%v4:!
172.27.172.0/24
        
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.44.68.0/24,%v4:!192.168.0.0/21,%v4:!192.168.8.0/22,%v4:!
192.168.12.0/23,%v4:!192.168.15.0/24,%v4:!172.27.172.0/24
Peter McGill</pre>
</blockquote>
What if 192.168.14.0/24 is used on the server too? No way? Sorry for my
ignorance but till now I worked only with OpenVPN. I guess this is due
to ESP, right? My home router does supports IPSec passthrough so
possibly I must be able to connect without NAT-T?</font></font></blockquote>
<small>Just one more question... PPTP (as an alternative to IPSec/L2TP)
can be used in local network for providing Internet access (like
PPPoE). In this case the client connects from the zone which is
actually used on the server. So I wonder if IPSec/L2TP can be used as
VPN over Ethernet</small><small>?<br>
<br>
</small>
</body>
</html>