[Openswan Users] Private IP roadwarrior setup.

Brian Candler B.Candler at pobox.com
Sun Jun 11 20:00:19 CEST 2006


On Sun, Jun 11, 2006 at 01:28:16PM +0200, Radek Antoniuk wrote:
> Let's assume the following configuration:
> 
> 192.168.1.0/24 <-> GW w/Openswan <-> INTERNET <-> Roadwarrior w/public
> IP (WinXP/SP2)
> 
> Now,
> I'd like to configure things to achieve that the roadwarrior gets an IP
> from my private 1.0/24 subnet.
> I have tested several configs and I'd like to know what is the simplest
> method to achieve this.
> While using native winxp stack with just an ipsec policy, I was able to
> configure a tunnel, but I was visible with my public IP, not the private
> one.
> The other method is to use Windows VPN connection using L2TP+ipsec, but
> I'd like not to use this solution if it is possible.

Depends whether you're prepared to install separate client software on the
Windows box or not.

If you are, then you can install (say) the Cisco VPN client which will do
XAUTH to authenticate and allocate an IP address.

If not, then you are stuck with the capabilities of the Microsoft client,
and if you want to allocate a dynamic address from a private pool then you
need L2TP over IPSEC. The Windows IPSEC stack can run native transport mode,
and there are front-ends to make it easier to configure (e.g. lsipsectool),
but you won't be able to negotiate an IP address for the endpoint down it.

If each roadwarrior always gets the *same* private IP address, though, you
might be able to configure it that way.

