[Openswan Users] overlapping networks with nat-t

Paul Wouters paul at xelerance.com
Thu Jan 19 17:20:38 CET 2006


On Thu, 19 Jan 2006, John A. Sullivan III wrote:

> > IMHO virtual addresses is the only proper solution.
> > Again: but ipsec doesn't handle virtual IP?
> DHCP-over-IPSec was a nice solution but appears to have died.  On the
> other hand, all IPSec virtual adapter implementations that I have seen
> had the limitation of only allowing one virtual adapter.  If one had to
> completely different networks to attach to (e.g., 10.1.1.0/24 and
> 172.16.10.0/24), one was stuck.  The OpenVPN approach is much more
> elegant.

If you hand out an IP address from the network you are connecting to
using IPsec, you should not need more then one IP address. That network
should be able to reach everything, and you have become part of that
remote network.

Paul


More information about the Users mailing list