[Openswan Users] Roadwarrior virtual IP

Heiko Gerdau hg at technosis.de
Thu Aug 25 13:51:13 CEST 2005 

Hi,

I'm using Openswan 2.3.1 to create vpn tunnel between a masqueraded private 
network and a roadwarrior with a dynamic IP and no subnet. The gateway and 
the roadwarrior both use linux boxes (Suse 9.3). I followed the instructions 
on the openswan wiki page to configure the 2 openswan installations.

Problem:
======
Everything works fine except one has to remove the roadwarriors dynamic 
internet ip from the masquerading at the gateways firewall each time the road 
warrior makes a new connection. (Eather by phone or by removing a huge range 
of destination addresses that the ISP may give to the roadwarrior).

So how can I give the roadwarrior a virtual private ip address when he does 
not is in a private subnet behind a gateway?

I tried:
=====
I tried the leftsourceip/rightsourceip approach without success. I can 
establish the "ipsec auto up" connection but I get no response on a ping.

I tried NAT-T. (Removing the masquerade exceptions from the firewall and added 
the virtual_private formalism). I can establish the connection but no ping 
returns except to the private address of the gateway (which I don't 
understand. Maybe it goes not through the tunnel. If I ping the private 
address of the gateway, using tcpdump I can see ESP packets between 
roadwarrior and the Internet address of the gateway but also icmp packets 
coming from the private address of the gateway????)

I did not try dhcp-over-ipsec. 

Any help is apprciated

Best 
Heiko 


####################
# roadwarriors ipsec.conf 
####################
config setup
	interfaces=%defaultroute

conn rw-to-srv
    left=%defaultroute
    #leftsourceip=192.168.2.103
    leftid=@rw
    leftrsasigkey=Opbh....
    right=84.x.x.x
    rightsubnet=192.168.1.0/24
    rightid=@srv 
    rightrsasigkey=Hzusi....
    auto=add

####################
# Gateways ipsec.conf 
####################
config setup
	interfaces=%defaultroute

conn rw-to-srv
    left=%defaultroute
    leftid=@srv
    leftrsasigkey=Hzusi....
    right=%any
    rightid=@rw 
    #rightsourceip=192.168.2.103
    rightrsasigkey=Opbh....
    auto=add

More information about the Users mailing list