[Openswan Users] L2TP/IPsec doesn't work
Turbo Fredriksson
turbo at bayour.com
Thu Nov 2 07:03:29 EST 2006
>>>>> "Jacco" == Jacco de Leeuw <jacco2 at dds.nl> writes:

Turbo> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
Jacco> Your internal subnet needs to be excluded here.
Turbo> So remove ',%v4:192.168.0.0/16' then?
Jacco> No, you add ,%v4:!192.168.x.0/24

What exactly does 'virtual_private' do? It's not in any of the manuals...

Jacco> (assuming that that is
Jacco> your subnet). This is explained on my webpage
Jacco> http://www.jacco2.dds.nl/networking/openswan-l2tp.html#NAT

Searching for 'virtual_private' on that page leads me to believe that
I used the virtual_private correctly:

----- s n i p -----
Openswan needs to know what remote subnets the
client use. You specify these subnet(s) with the
virtual_private= parameter in ipsec.conf.
----- s n i p -----

----- s n i p -----
You should however always exclude the subnet(s)
that are behind the Openswan server.
----- s n i p -----

Ah, oki. Sorry. So I add the work network there....
ONLY the work network?

Since I'm using 192.168.1.0/24 at work and 192.168.2.0/24 at home
(actually only on the Win2k machine I'm using for testing - I actually
use 192.168.1.0/24 at home as well! - will that be a problem?),
wouldn't it be better if I just removed the '%v4:192.168.0.0/16'?
Or does the virtual_private need to know the 'client' network?

Turbo> compress=yes
Jacco> Minor detail: this is not supported by Windows so it won't
Jacco> have any effect.
Turbo> But I saw something about a reg hack to MAYBE enable this.
Jacco> You probably read that on my MSL2TP webpage. That is a
Jacco> Win9x/Me/NT client. It is not applicable to Win2k and
Jacco> higher.

I see. Thanx.

Turbo> The XP machine has SP2 and the Win2k machine has SP4...
Jacco> The Win2k machine still needs the Q818043 update if it is
Jacco> behind NAT.

I'll install that then. Do I need the NAT-T patch on my home firewall?
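
An added example, not part of the original message and not Openswan's own code: a simplified Python model of how a virtual_private= list with %v4: includes and %v4:! excludes decides whether a NATed client's private subnet is acceptable, using the networks named in this thread. It assumes the subnet behind the server is 192.168.1.0/24 (the work network mentioned above) and that a client subnet is accepted when it lies inside an included range and does not overlap an excluded one; the function and constant names are hypothetical.

```python
import ipaddress

# The value posted in the thread, the same value with the server-side LAN
# excluded, and the variant with the 192.168.0.0/16 entry simply removed.
ORIGINAL = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
WITH_EXCLUSION = ORIGINAL + ",%v4:!192.168.1.0/24"  # assumed server LAN
WITHOUT_192_168 = "%v4:10.0.0.0/8,%v4:172.16.0.0/12"


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if not item.startswith("%v4:"):
            raise ValueError(f"unsupported entry: {item!r}")  # model covers %v4 only
        spec = item[len("%v4:"):]
        if spec.startswith("!"):
            excluded.append(ipaddress.ip_network(spec[1:]))
        else:
            allowed.append(ipaddress.ip_network(spec))
    return allowed, excluded


def client_subnet_ok(value, client_subnet):
    """Simplified check: inside an allowed range and clear of every exclusion."""
    allowed, excluded = parse_virtual_private(value)
    net = ipaddress.ip_network(client_subnet)
    if any(net.overlaps(x) for x in excluded):
        return False  # collides with a subnet behind the server
    return any(net.subnet_of(a) for a in allowed)


if __name__ == "__main__":
    # Constructed client subnets: the two home networks from the thread.
    for label, value in [("original", ORIGINAL),
                         ("with exclusion", WITH_EXCLUSION),
                         ("192.168/16 removed", WITHOUT_192_168)]:
        for client in ("192.168.1.0/24", "192.168.2.0/24"):
            print(f"{label:20} {client:16} -> {client_subnet_ok(value, client)}")
```

In this model, dropping the 192.168.0.0/16 entry rejects every 192.168.x.0/24 client, while the exclusion rejects only the subnet that collides with the server's LAN.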