[Openswan Users] overlapping networks with nat-t

John A. Sullivan III jsullivan at opensourcedevel.com
Thu Jan 19 12:26:31 CET 2006

On Thu, 2006-01-19 at 17:20 +0100, Paul Wouters wrote:
> On Thu, 19 Jan 2006, John A. Sullivan III wrote:
> > > IMHO virtual addresses is the only proper solution.
> > > Again: but ipsec doesn't handle virtual IP?
> > DHCP-over-IPSec was a nice solution but appears to have died.  On the
> > other hand, all IPSec virtual adapter implementations that I have seen
> > had the limitation of only allowing one virtual adapter.  If one had to
> > completely different networks to attach to (e.g., and
> >, one was stuck.  The OpenVPN approach is much more
> > elegant.
> If you hand out an IP address from the network you are connecting to
> using IPsec, you should not need more then one IP address. That network
> should be able to reach everything, and you have become part of that
> remote network.
> Paul
That's usually true, but in the case I'm thinking of, it was a
multi-client environment with different IPSec connections to different
gateways - John
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan at opensourcedevel.com

Financially sustainable open source development

More information about the Users mailing list