[Openswan Users] Roadwarrior virtual IP
Heiko Gerdau
hg at technosis.de
Fri Aug 26 04:01:44 CEST 2005
On Thursday 25 August 2005 18:55, Paul Wouters wrote:
> On Thu, 25 Aug 2005, Heiko Gerdau wrote:
> > sorry, the rightsubnet in the gateways ipsec.conf was missing in my post
> > (but not the real ipsec.conf).
> > Here are the conf files again:
>
> I don't exactly understand what you are trying to do, since your use of
> left/rightsubnet is confusing me.
I understand that. I got it wrong twice. Sorry for introducing myself to this
mailing list with such a mess.
Of course on the gateways ipsec.conf it has to be
leftsubnet=192.169.1.0/24
not rightsubnet.
>
> Assuming left is the gateway server, and right is the roadwarrior, on the
> server you should have : rightsubnet=vhost:%no,%priv to allow connections
> from regular IP's as well as from behind NAT. It will then correctly setup
> the virtual ip for you.
Doesn't that depend on which ipsec.conf you are looking? On the gateways
ipsec.conf left is the gateway server and right the roadwarrior. On the
roadwarriors ipsec.conf it's the other way around. Or did I missunderstand
this point?
I tried rightsubnet=vhost:%no,%priv (on the gateways ipsec.conf) together with
virtual_private in the config setup section. It did not have any effect as
far as I can tell. At least I'm not able to ping the subnet (behind the
gateway server) unless I remove the real IP of the roadwarrior from
masquerading (But if I do than everything works fine). The subnet with
potential virtual ips for the roadwarrior defined in virtual_private is
removed from masquerading too.
I must be overlooking something simple.
Any suggestion?
Thanks in advance
Heiko
More information about the Users
mailing list