[Openswan Users] host-to-gateway encryption

Paul Wouters paul at xelerance.com
Mon Aug 28 14:04:34 EDT 2006

On Mon, 28 Aug 2006, Adam Zientek wrote:

> Clients:, gateway Now I have:

> version         2.0
> config setup
>         nat_traversal=no
>         virtual_private=%v4:,%v4:,%v4:
> include /etc/ipsec.d/no_oe.conf
> conn local-x509
>         left=
>         leftsubnet=

You cannot do that. left cannot be part of leftsubnet.

>         leftcert=/etc/ipsec.d/certs/ipsecgwCert.pem
>         right=%any
>         rightrsasigkey=%cert
>         rightsubnet=vhost:%no,%pr

You would need rightsubnet= to encrypt everything.

> This configuration encrypts direct traffic to the gateway (e.g. ftp on
> the gateway), but no internet traffic. Clients use Linsys ipsectool on
> Windows. What should I change to encrypt all traffic between host and
> gateway?

Look at: http://www.xelerance.com/talks/blackhat2004ams/

Building and integrating Virtual Private Networks with Openswan:

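
Added example, not part of the original message or of Openswan: a small lint that applies the rule stated in the reply above (left cannot be part of leftsubnet) to each `conn` section of an ipsec.conf. The sample config and its addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample config; addresses are documentation ranges, not from the post.
SAMPLE_CONF = """\
version 2.0
config setup
        nat_traversal=no
conn local-x509
        left=192.0.2.1
        leftsubnet=192.0.2.0/24
        right=%any
conn separate-nets
        left=198.51.100.1
        leftsubnet=192.0.2.0/24
        right=%any
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # a column-0 line starts a section
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def endpoint_inside_own_subnet(conns):
    """List (conn, side) pairs where left/right is an address within its own subnet."""
    findings = []
    for name, opts in conns.items():
        for side in ("left", "right"):
            try:
                addr = ipaddress.ip_address(opts[side])
                net = ipaddress.ip_network(opts[side + "subnet"], strict=False)
            except (KeyError, ValueError):        # unset, %any, vhost:..., hostnames
                continue
            if addr in net:
                findings.append((name, side))
    return findings

if __name__ == "__main__":
    for name, side in endpoint_inside_own_subnet(parse_conns(SAMPLE_CONF)):
        print(f"conn {name}: {side} lies inside {side}subnet")
```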