[Openswan Users] ip conflict question
Trevor Benson
TrevorBenson at a-1networks.com
Fri Dec 2 12:58:54 CET 2005
> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org]
On
> Behalf Of Paul Wouters
> Sent: Friday, November 25, 2005 1:18 PM
> To: Nick
> Cc: users at openswan.org
> Subject: Re: [Openswan Users] ip conflict question
>
> On Fri, 25 Nov 2005, Nick wrote:
>
> > I also got to thinking about another possible ip conflict problem.
> >
> > Let's say that one roadwarrior gets an IP of 10.0.0.67, and connects
to
> > the ipsec gateway. All is well for him.
> >
> > Then another roadwarrior at some other location gets the same
internal
> IP
> > address of 10.0.0.67. Now what happens when this user tries to
connect
> to
> > the ipsec gateway?
> >
> > One of these (or both) users would be SOL (not sure how openswan
would
> > handle duplicate virtual ips). This seems like it would be unlikely
> > unless you had a lot of users, but still it could happen.
> >
> > I was thinking about the l2tp or dhcp-over-ipsec option to get the
> > roadwarrior an ip from the LAN, but before any of that can happen
> doesn't
> > the underlying ipsec connection (with the possible ip conflict) have
to
> > work? With that assumption, then these other options wouldn't
really
> help
> > with that problem anyway.
>
> That's correct. I believe IKEv2 might fix this, but I'm not sure.
Wouldn't this just be handled by both of the 10.0.0.67 IP's coming from
a different NAT device, with a different public IP?
> Paul
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
More information about the Users
mailing list