[Openswan Users] Windows XP to OpenSWAN with ipsec.exe

Paul Wouters paul at xelerance.com
Fri Apr 28 23:20:16 CEST 2006


On Wed, 26 Apr 2006, Pat Fricke wrote:

> Date: Wed, 26 Apr 2006 12:26:29 -0700
> From: Pat Fricke <sales at prfhome.com>
> To: 'Paul Wouters' <paul at xelerance.com>
> Subject: RE: [Openswan Users] Windows XP to OpenSWAN with ipsec.exe
>
> virtual_private=%v4:10.0.0.0/8,%v4:192.268.0.0/16,%4:172.16.0.0/12,%v4:!192.168.1.0/24
>
> I may be dense but I still don't know what I am looking at.

"Allow all 10.* and 192.168.* and 172.16.* to be allowed as 'rightsubnet='
to connect through NAT, with the exception of our own used 192.168.1.0/24"

> =%v4:10.0.0.0/8 This (I take it) is the remote ip but where does %v4 come
> from?

%v4 means IPv4. The syntax allows for IPv6 as well.

> ,%v4:192.268.0.0/16 Remote subnet? If so can it just be omitted since this
> is a laptop (no subnet)?

The way NAT works is that the internal IP address of the laptop is put in
a virtual "rightsubnet" statement.

> ,%4:172.16.0.0/12 OpenSWAN server subnet? This is %4 instead of %v4 ... ???

That's a typo/error in the ipsec.conf file shipped with openswan 2.4.4 :)

> rightsubnet=vhost:%no,%priv

This means the laptop can connect either with a vhost (from the virtual_private
line) or without a vhost (if it is not NAT'ed).

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

