[Openswan Users] overlapping networks with nat-t
John A. Sullivan III
jsullivan at opensourcedevel.com
Thu Jan 19 12:26:31 CET 2006
On Thu, 2006-01-19 at 17:20 +0100, Paul Wouters wrote:
> On Thu, 19 Jan 2006, John A. Sullivan III wrote:
>
> > > IMHO virtual addresses is the only proper solution.
> > > Again: but ipsec doesn't handle virtual IP?
> > DHCP-over-IPSec was a nice solution but appears to have died. On the
> > other hand, all IPSec virtual adapter implementations that I have seen
> > had the limitation of only allowing one virtual adapter. If one had to
> > completely different networks to attach to (e.g., 10.1.1.0/24 and
> > 172.16.10.0/24), one was stuck. The OpenVPN approach is much more
> > elegant.
>
> If you hand out an IP address from the network you are connecting to
> using IPsec, you should not need more then one IP address. That network
> should be able to reach everything, and you have become part of that
> remote network.
>
> Paul
That's usually true, but in the case I'm thinking of, it was a
multi-client environment with different IPSec connections to different
gateways - John
--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com
Financially sustainable open source development
http://www.opensourcedevel.com
More information about the Users
mailing list