[Openswan Users]

Paul Wouters paul at xelerance.com
Tue Apr 25 20:23:36 CEST 2006


On Tue, 25 Apr 2006, Gbenga wrote:

> All I am trying to achieve is a VPN connection to that 10.10.0.0/16 network; the VPN server, obviously from my config, is part of the subnet. I have an Internet firewall (iptables) FW to this network and from there I can NAT IP addresses from the Internet. On this firewall, I have NATed ports 500 & 4500 UDP only to the VPN server, since it is only passing on those ports to the VPN server.
>
> The firewall on the VPN server has been completely disabled until this works.
>
> What is the workable setup for this? I cannot run the VPN on the firewall; it has to be inside the network.

You might get away by adding another IP address from a range outside the leftsubnet to the machine and
setting the left= option to that IP address. But regardless, what you are attempting is a bad hack, not
an infrastructure solution.

Paul

