[Openswan Users] WinXP Behind Nat to Openswan Server Behind NAT

Jacco de Leeuw jacco2 at dds.nl
Mon Jul 17 09:41:03 CEST 2006

Meron Lavie wrote:

> Since all my company's WinXP's are NAT-ted, I added "
> rightsubnet=vhost:%no,%priv ". However, if I add that parameter then my
> internal connection doesn't work anymore, and if I try "ipsec verify", I
> get:
>         authby=secret
>         rightsubnet=vhost:%no,%priv

rightsubnet= is not required for PSKs. I don't know why it is needed
for certificates and not for PSKs...

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list