[Openswan Users] Can someone correct/confirm my IPSec understanding?

tomk at runbox.com tomk at runbox.com
Mon Oct 11 17:55:53 CEST 2004

For anyone in a rush, here's the question: If I set up a host-to-net VPN between Host A on Network A and all machines on Network B, does it only carry traffic with those particular source and destination parameters? Or can it also carry traffic originating from Host A and going to destinations beyond Network B?

If you have a bit more time, here's the background: I'm using Openswan to secure my wireless network, so I have my AP + Debian laptop on network, and my main network on In the middle of those, I have IPCop 1.4.0, which includes Openswan, and I have also installed and configured Openswan on the laptop. IPCop is also connected to the internet, and internet access is functioning on both and Without the IPSec tunnel, the wireless network cannot access the main network - this is as intended. When I bring the tunnel up, the laptop CAN access the main network, but it CANNOT access the internet. So it seems that the tunnel will only carry traffic between the specified source and destination, whereas I expected (wrongly?) that it would also carry traffic originating from the laptop, passing through IPCop, and heading out to the internet.

Was my original expectation incorrect? If so, is there something I can do to enable all traffic from the laptop to use the tunnel?
