[Openswan Users] Re: openswan ipsec VPN
Jacco de Leeuw
jacco2 at dds.nl
Sat Oct 29 22:20:05 CEST 2005
Nick Woolley wrote:
> I am trying to build a network which
> has a server behind a NAT on subnet 10.0.0.0/8. I am using an ADSL router to
> pass UDP ports 4500 and 500 from its internet IP address straight to
> 10.0.0.99 which is the IP address of the local Openswan server on the
> network.
>
> config setup
> #interfaces=%defaultroute
> nat_traversal=yes
>
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,
> %v4:192.168.123.0/24

If 10.0.0.0/8 is your internal LAN then you need to exclude it in the
virtual_private line. I.e. you'd have to remove the %v4:10.0.0.0/8
part.

10.0.0.0/8 is a large network; are you sure you want it on your LAN?
If you'd rather use something else (such as 10.0.0.0/24) then you'd
use:

    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.0.0.0/24

> conn <name>
> type=transport
> left=10.0.0.99
> leftnexthop=10.0.0.2
> leftcert=<name>.pem
> leftid=%any
> leftprotoport=17/1701
> right=%any
> rightid=%any
> rightprotoport=17/1701

You need to add:

    rightsubnet=vhost:%priv,%no

and remove:

    type=transport

... because of this:
http://bugs.xelerance.com/view.php?id=466

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
Mosquitos suck
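
Added example (not part of the original message, and not Openswan's own code): a Python model of how a virtual_private= list decides whether a NATed client's private address is acceptable for vhost:%priv, comparing the value from the question with the one suggested in the reply. It assumes an address is accepted when it falls inside at least one listed network and inside no "!" exclusion; the function names and client addresses are constructed for illustration.

```python
import ipaddress

# virtual_private= values taken from the thread above.
ORIGINAL = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,"
            "%v4:192.168.123.0/24")
CORRECTED = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,"
             "%v4:!10.0.0.0/24")


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if not item.startswith("%v4:"):
            raise ValueError(f"unsupported entry: {item!r}")
        net = item[len("%v4:"):]
        if net.startswith("!"):          # "!" marks a network to exclude
            excluded.append(ipaddress.ip_network(net[1:]))
        else:
            allowed.append(ipaddress.ip_network(net))
    return allowed, excluded


def accepted_as_priv(client_ip, value):
    """Assumed rule: inside an allowed network and inside no exclusion."""
    allowed, excluded = parse_virtual_private(value)
    addr = ipaddress.ip_address(client_ip)
    return (any(addr in n for n in allowed)
            and not any(addr in n for n in excluded))


def unexcluded_overlap(server_lan, value):
    """Allowed networks that overlap the server's LAN with no exclusion covering it."""
    allowed, excluded = parse_virtual_private(value)
    lan = ipaddress.ip_network(server_lan)
    if any(lan.subnet_of(x) for x in excluded):
        return []
    return [n for n in allowed if n.overlaps(lan)]


if __name__ == "__main__":
    # Constructed client addresses: on the server LAN, elsewhere in 10/8,
    # a typical home LAN, and a public (documentation-range) address.
    for ip in ("10.0.0.50", "10.1.2.3", "192.168.1.10", "203.0.113.5"):
        print(ip, accepted_as_priv(ip, ORIGINAL), accepted_as_priv(ip, CORRECTED))
    print("LAN overlap, original: ", unexcluded_overlap("10.0.0.0/24", ORIGINAL))
    print("LAN overlap, corrected:", unexcluded_overlap("10.0.0.0/24", CORRECTED))
```

A non-empty result from unexcluded_overlap means remote clients could present private addresses that collide with the server's own LAN, which is the condition the reply says to exclude.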