[Openswan Users] ip conflict question
Paul Wouters
paul at xelerance.com
Fri Nov 25 22:18:19 CET 2005
On Fri, 25 Nov 2005, Nick wrote:
> I also got to thinking about another possible ip conflict problem.
>
> Let's say that one roadwarrior gets an IP of 10.0.0.67, and connects to
> the ipsec gateway. All is well for him.
>
> Then another roadwarrior at some other location gets the same internal IP
> address of 10.0.0.67. Now what happens when this user tries to connect to
> the ipsec gateway?
>
> One of these (or both) users would be SOL (not sure how openswan would
> handle duplicate virtual ips). This seems like it would be unlikely
> unless you had a lot of users, but still it could happen.
>
> I was thinking about the l2tp or dhcp-over-ipsec option to get the
> roadwarrior an ip from the LAN, but before any of that can happen doesn't
> the underlying ipsec connection (with the possible ip conflict) have to
> work? With that assumption, then these other options wouldn't really help
> with that problem anyway.
That's correct. I believe IKEv2 might fix this, but I'm not sure.
Paul
More information about the Users
mailing list