[Openswan Users] Private IP roadwarrior setup.

[Radek Antoniuk]

Brian Candler wrote:

>On Sun, Jun 11, 2006 at 01:28:16PM +0200, Radek Antoniuk wrote:
>  
>
>>Let's assume a following configuration:
>>
>>192.168.1.0/24 <-> GW w/Openswan <-> INTERNET <-> Roadwarrior w/public
>>IP (WinXP/SP2)
>>
>>Now,
>>I'd like to configure things to achieve that the roadwarrior gets an IP
>>from my private 1.0/24 subnet.
>>I have tested several configs and I'd like to know what is the simplest
>>method to achieve this.
>>While using native winxp stack with just an ipsec policy, i was able to
>>configure a tunnel, but I was visible with my public IP, not the private
>>one.
>>The other method is to use Windows VPN connection using L2TP+ipsec, but
>>I'd like not to use this solution if it is possible.
>>    
>>
>
>Depends whether you're prepared to install separate client software on the
>Windows box or not.
>
>If you are, then you can install (say) the Cisco VPN client which will do
>XAUTH to authenticate and allocate an IP address.
>
>  
>
I am in fact. I'll look for some howtos on it but if you have some that
I'd be grateful.

>If not, then you are stuck with the capabilities of the Microsoft client,
>and if you want to allocate a dynamic address from a private pool then you
>need L2TP over IPSEC. The Windows IPSEC stack can run native transport mode,
>and there are front-ends to make it easier to configure (e.g. lsipsectool),
>but you won't be able to negotiate an IP address for the endpoint down it.
>
>  
>
>If each roadwarrier always gets the *same* private IP address, though, you
>might be able to configure it that way.
>  
>
Yes, they should. But on what basis, mac address? And that's the
problem, how to do it. I have used lsipsectool, but the problem is, that
it does not allow (or I don't know how to set it up) to add a private IP
address on the outgoing interface. The effect is as described earlier, I
get a transport mode tunnel but going in my subnet w/public IP not the
private one.


-- 
Best regards,
Radek