[Openswan Users] Question

Paul Wouters paul at xelerance.com
Thu May 4 18:01:04 CEST 2006


On Thu, 4 May 2006, Giovani Moda - MR Informática wrote:

> I have an IPSEC/L2TP connection from a WinXP to a Linux gateway running openswan-2.4.5 with klips. In this particular scenario, I have a need for this client to check e-mails from this same Linux gateway. I could do it from the VPN, IF the IMAP port could be reached from the inside network, but that's not the case. It's only accessible through external interface. When the tunnel is up, of course, the client can't ping or access anything from the outside interface of the gateway. Is there any way to configure openswan to allow unencrypted packets from a client which is connected through L2TP/IPSEC?

Can't you use a portforward or something to hook up the internal ip to the imap's external ip? Or make it listen
on both ports and do a dual view DNS setup?

It is possible to define a passthrough connection that allows unencrypted packets through, but
it adds to the risk of accidentally accepting unencrypted packets where you should not.

The L2TP enhancement patch (not yet released) fixes the issue of connecting using either IPsec or non-IPSEC
to the same VPN/mail server from multiple clients behind NAT. This feature will appear in a later
openswan release.

Paul

