[Openswan Users] Windows XP to OpenSWAN with ipsec.exe
Pat Fricke
sales at prfhome.com
Fri Apr 28 15:20:20 CEST 2006
Paul,
Once again you have been most helpful.
I won't be able to work on it until tomorrow, but with any luck at all my
next post will be one of success.
Thank you,
Pat R. Fricke
>
virtual_private=%v4:10.0.0.0/8,%v4:192.268.0.0/16,%4:172.16.0.0/12,%v4:!192.
> 168.1.0/24
>
> I may be dense but I still don't know what I am looking at.
"Allow all 10.* and 192.168.* and 172.16.* to be allowed as 'rightsubnet='
to connect through NAT, with the exception of our own used 192.168.1.0/24"
> =%v4:10.0.0.0/8 This (I take it) is the remote ip but where does %v4 come
> from?
%v4 means IPv4. The syntax allows for IPv6 as well.
> ,%v4:192.268.0.0/16 Remote subnet? If so can it just be omitted since this
> is a laptop (no subnet)?
The way NAT works is that the internal IP address of the laptop is put in
a virtual "rightsubnet" statement.
> ,%4:172.16.0.0/12 OpenSWAN server subnet? This is %4 instead of %v4 ...
???
That's a typo/error in the ipsec.conf file shipped with openswan 2.4.4 :)
> rightsubnet=vhost:%no,%priv
this means the laptop can connect either with a vhost (from the
virtual_private
line) or without a vhost (if it is not NAT'ed)
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list