[Openswan Users] Windows XP to OpenSWAN with ipsec.exe

Pat Fricke sales at prfhome.com
Fri Apr 28 15:20:20 CEST 2006


Once again you have been most helpful. 

I won't be able to work on it until tomorrow, but with any luck at all my
next post will be one of success.

Thank you,

Pat R. Fricke

> 168.1.0/24
> I may be dense but I still don't know what I am looking at.

"Allow all 10.* and 192.168.* and 172.16.* to be allowed as 'rightsubnet='
to connect through NAT, with the exception of our own used"

> =%v4: This (I take it) is the remote ip but where does %v4 come
> from?

%v4 means IPv4. The syntax allows for IPv6 as well.

> ,%v4: Remote subnet? If so can it just be omitted since this
> is a laptop (no subnet)?

The way NAT works is that the internal IP address of the laptop is put in
a virtual "rightsubnet" statement.

> ,%4: OpenSWAN server subnet? This is %4 instead of %v4 ...

That's a typo/error in the ipsec.conf file shipped with openswan 2.4.4 :)

> rightsubnet=vhost:%no,%priv

this means the laptop can connect either with a vhost (from the
line) or without a vhost (if it is not NAT'ed)

Building and integrating Virtual Private Networks with Openswan:

More information about the Users mailing list