[Openswan dev]
Michael Richardson
mcr at sandelman.ottawa.on.ca
Wed Jun 28 19:15:36 CEST 2006
>>>>> "Patrice" == Patrice Tcherkezian <patrice.tcherkezian at noven.fr> writes:
Patrice> I've got an wifi access controller in an Hotel for example. It's
Patrice> connected to Internet with an ADSL Router and the IP adress of
Patrice> the ISP is a dynamic IP Adress.
okay.
Patrice> This access control has to connect to my radius installed in my
Patrice> NOC. I create a VPN between the access controller and my NOC
Patrice> with Openswan IPSEC.
good.
Patrice> But, I want to have a monitoring of my AC with Nagios installed
Patrice> in my NOC too. And Nagios needs the Access Controller to have a
Patrice> known static IP Adress. (My Radius needs the same thing too)
Patrice> How can I do ? Because, with my VPN, I suppose that the Access
Patrice> Controller is always seen from my NOC with its dynamic IP adress
Patrice> of the ISP.
So, assign an IP address that you control, that is unique for you,
and is routeable to your network through your IPsec gateway.
This might a private network that you route to the NOC gateway, or
might even be public address space.
let this ip= A.B.C.D
Extrude this IP to each of your access controllers:
conn access-controller
right=%defaultroute
rightid=@something-you-like
rightsourceip=A.B.C.D
rightsubnet=A.B.C.D/32
left=...
--
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
"The Microsoft _Get the Facts CD_ does not work on Linux." - orospakr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/dev/attachments/20060628/96afb23d/attachment.bin
More information about the Dev
mailing list