[Openswan Users] How to hide LAN

Chris Purves chris at northfolk.ca
Wed Nov 8 11:42:27 EST 2006

Paul Wouters wrote:
> On Tue, 7 Nov 2006, Chris Purves wrote:
>> I have set up openswan for ipsec over l2tp using certificates according
>> to the following howtos:
>> http://www.natecarlson.com/linux/ipsec-l2tp.php
>> http://www.jacco2.dds.nl/networking/win2000xp-openswan.html
>> I have the connection working, but I would like to have it set up so
>> that the roadwarrior machine (winxp) cannot see the LAN behind the
>> server.  Essentially I would like the connection to allow the
>> roadwarrior and the server to see each other, but nothing else.
>> How would I go about setting this up?
> Use a dedicated subnet range for your l2tp clients that are only
> routable to your server?

Okay, I wasn't sure if I could do that...but then I also didn't try.  So 
what I have done is:

My LAN is 192.168.21.xxx
I modified /etc/l2tpd/l2tpd.conf
   ip range =
   local ip =
I modified /etc/ppp/options.l2tpd.lns
I modified /etc/ipsec.conf
   conn roadwarrior-net

It's working the way I want now.  The roadwarrior cannot see 
192.168.21.xxx machines, only the server at  Are the 
above changes the correct ones?  Are any unnecessary?
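
Added example, not part of the original message and not code from Openswan or l2tpd: a check that the "ip range" and "local ip" values in l2tpd.conf stay outside the LAN, which is the address-plan half of the dedicated-subnet approach discussed above. The 10.99.0.x addresses are constructed placeholders (the poster's values are not shown), and treating 192.168.21.xxx as 192.168.21.0/24 is an assumption.

```python
import ipaddress

# Constructed sample config; these addresses are placeholders, not the poster's values.
SAMPLE_CONF = """\
[global]
[lns default]
ip range = 10.99.0.10-10.99.0.20
local ip = 10.99.0.1
"""

def parse_lns(conf_text):
    """Return (pool_ranges, local_ip) from the 'ip range' / 'local ip' keys."""
    ranges, local_ip = [], None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ip range":
            for item in value.split(","):        # several ranges or single IPs
                lo, _, hi = item.partition("-")
                lo = ipaddress.ip_address(lo.strip())
                hi = ipaddress.ip_address(hi.strip()) if hi.strip() else lo
                if int(hi) < int(lo):
                    raise ValueError(f"reversed range: {item.strip()}")
                ranges.append((lo, hi))
        elif key == "local ip":
            local_ip = ipaddress.ip_address(value)
    return ranges, local_ip

def lan_overlaps(conf_text, lan_cidr):
    """List every configured address or range that falls inside lan_cidr."""
    lan = ipaddress.ip_network(lan_cidr)
    first, last = lan.network_address, lan.broadcast_address
    ranges, local_ip = parse_lns(conf_text)
    problems = []
    for lo, hi in ranges:
        if lo <= last and hi >= first:           # interval intersection
            problems.append(f"ip range {lo}-{hi} overlaps {lan}")
    if local_ip is not None and local_ip in lan:
        problems.append(f"local ip {local_ip} is inside {lan}")
    return problems

if __name__ == "__main__":
    # LAN taken as 192.168.21.0/24 (assumed from "192.168.21.xxx")
    for msg in lan_overlaps(SAMPLE_CONF, "192.168.21.0/24") or ["no overlap with LAN"]:
        print(msg)
```

Address separation alone does not stop forwarding: whether the server routes between the client pool and the LAN is decided by its forwarding and firewall settings, which this check does not inspect.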

