[Openswan Users] help with dhcp
Alvaro Reguly
openswan at adplabs.com.br
Tue Jul 20 11:31:14 CEST 2004
Hello, I have got it working with Fedora Core 2 with the RPMs from
openswan.org and Windows XP, using certificates.
Now I need some advice to get it working with DHCP that is running behind
the gateway.
I would like to enable the roadwarrior (WinXP) to get an IP from our
intranet and use samba, etc.
roadwarrior <--> gateway <--> LAN
Roadwarrior is Windows XP with signed certificates, getting dynamic IPs
(nat and without nat).
Gateway is Fedora Core 2 with 2 nics, static public IP, and static private
IP (172.16.0.0/16), it runs DHCP only on the internal NIC, supplying IPs
from 172.16/16 range.
This is what my ipsec.conf looks like now. Can anyone advise me what else
I need to get it working with my LAN?
Thanks in advance.
version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
    keyingtries=2
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    #leftsubnet=(your_subnet)/(your_netmask)
    leftsubnet=172.16.0.0/16
    #leftsubnet=200.162.106.160/27
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=adplabs_vortex.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes

conn roadwarrior-l2tp
    pfs=no
    leftprotoport=17/0
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior-l2tp-updatedwin
    pfs=no
    leftprotoport=17/1701
    rightprotoport=17/1701
    also=roadwarrior

conn roadwarrior-all
    leftsubnet=0.0.0.0/0
    also=roadwarrior
--
Alvaro Reguly
ADP Brasil Ltda.
+55-51-3388-3648
alvaro_reguly at adplabs.com.br
http://www.adplabs.com.br
"Contrary to popular belief, UNIX is user friendly.
It just happens to be selective on who it makes friendship with"