[Openswan Users] Windows XP to OpenSWAN with ipsec.exe

Paul Wouters paul at xelerance.com
Fri Apr 28 23:20:16 CEST 2006

On Wed, 26 Apr 2006, Pat Fricke wrote:

> Date: Wed, 26 Apr 2006 12:26:29 -0700
> From: Pat Fricke <sales at prfhome.com>
> To: 'Paul Wouters' <paul at xelerance.com>
> Subject: RE: [Openswan Users] Windows XP to OpenSWAN with ipsec.exe
> virtual_private=%v4:,%v4:,%4:,%v4:!192.
> 168.1.0/24
> I may be dense but I still don't know what I am looking at.

"Allow all 10.* and 192.168.* and 172.16.* to be allowed as 'rightsubnet='
to connect through NAT, with the exception of our own used"

> =%v4: This (I take it) is the remote ip but where does %v4 come
> from?

%v4 means IPv4. The syntax allows for IPv6 as well.

> ,%v4: Remote subnet? If so can it just be omitted since this
> is a laptop (no subnet)?

The way NAT works is that the internal IP address of the laptop is put in
a virtual "rightsubnet" statement.

> ,%4: OpenSWAN server subnet? This is %4 instead of %v4 ... ???

That's a typo/error in the ipsec.conf file shipped with openswan 2.4.4 :)

> rightsubnet=vhost:%no,%priv

this means the laptop can connect either with a vhost (from the virtual_private
line) or without a vhost (if it is not NAT'ed)

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list