[Openswan Users] host-to-gateway encryption
Paul Wouters
paul at xelerance.com
Mon Aug 28 14:04:34 EDT 2006
On Mon, 28 Aug 2006, Adam Zientek wrote:
> Clients: 192.168.111.1-100, gateway 192.168.111.254. Now I have:
> version 2.0
> config setup
>     nat_traversal=no
>     virtual_private=%v4:192.168.111.0/24,%v4:192.168.0.0/24,%v4:192.168.123.0/24
> include /etc/ipsec.d/no_oe.conf
> conn local-x509
>     left=192.168.111.254
>     leftsubnet=192.168.111.0/24
You cannot do that. left cannot be part of leftsubnet.
>     leftcert=/etc/ipsec.d/certs/ipsecgwCert.pem
>     right=%any
>     rightrsasigkey=%cert
>     rightsubnet=vhost:%no,%pr
You would need rightsubnet=0.0.0.0/0 to encrypt everything.
> This configuration encrypts direct traffic to the gateway (e.g. ftp on
> gateway), but no internet traffic. Clients use Linsys ipsectool on
> Windows. What should I change to encrypt all traffic between host and
> gateway?
Look at: http://www.xelerance.com/talks/blackhat2004ams/
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155