[Openswan Users] Windoze services over IPSEC

David Spear dspear at telus.net
Fri Jan 28 16:00:02 CET 2005


Ah, I am one of those "ping works but nothing else" people now.  I can
ping.  But I cannot access my WINS server, nor web, nor any other
service I've tried.  ???  Logs show nothing abnormal; I guess I'll
start looking at tcpdump.

> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On Behalf Of David Spear
> Sent: January 28, 2005 2:18 PM
> To: users at openswan.org
> Subject: RE: [Openswan Users] Windoze services over IPSEC
> 
> I have successfully set up IPSEC between my XP/2K clients and Openswan.
> My setup looks like:
> 
> XP roadwarrior    Internet    NAT firewall    Openswan GW
> 207.x.x.x         x.x.x.x     209.x.x.x       192.168.1.101
> 
> I am using X.509 cert authorization and it works flawlessly.  I can ping
> machines on the private subnet.  The NAT router does port forwarding of
> IPSEC traffic to the openswan gateway.
> 
> I am not using l2tp (yet).  I am using Marcus Mueller's ipsec executable
> to set up the tunnel.
> 
> Can someone enlighten me on what I need to do to browse the windows
> network on my private net?  I tried setting up a WINS server on the
> 192.168.x.x. network in my dial-up connection properties, but that
> doesn't seem to do it.  Nothing shows up in the Network Neighborhood.
> Is there a way to specify on the roadwarrior box to route ALL traffic on
> ports 135-139, etc. through the ipsec tunnel?  Is there a way to route
> ALL traffic through the tunnel?  Is there any way that I can log on to a
> windows domain through the tunnel?  I am leaning towards forwarding all
> traffic through the tunnel due to security concerns... i.e. I don't want
> a hacker who gets into my outside Win box while an ipsec tunnel is up to
> have unrestricted access to my private nets.
> 
> Thanks
> 
> Dave