[Openswan Users] Assignment for Roadwarrior virtual IP addresses
Paul Wouters
paul at xelerance.com
Fri Dec 16 15:27:35 CET 2005
On Thu, 15 Dec 2005, John A. Sullivan III wrote:
> Thank you, as always, Paul Wouters, for your answers on this topic.
> Since I don't use L2TP, I hadn't realized it has the same problem. I
> suppose that makes sense - the L2TP connection uses a virtual IP address
> but the IPSec tunnel to tunnel the L2TP connection must be based upon
> the real internal IP address. Is that indeed the case?
Actually what happens is that if you are behind NAT, you get an implicit
rightsubnet=internalip/32.
> I also take it that to use the rightsourceip parameter that apparently
> openswan as well as StrongSWAN supports, the client must also support
> virtual IP addresses through IKE mode config. Is that true?
I am not that familiar with Mode Config actually, so I cannot tell you.
> Finally, am I correct to assume that there is no way to bind a virtual
> IP address to an IPSec connection with the native Windows IPSec client
> and that one must use a commercial product like SafeNet to do this?
I am not sure what you mean. You can add more phase 2 connections if you
want. But again, I am not sure how this would work with Mode Config. I
would stick to l2tp until IKEv2, which should resolve a lot of these issues.
Paul