[Openswan Users] How to hide LAN
chris at northfolk.ca
Wed Nov 8 11:42:27 EST 2006
Paul Wouters wrote:
> On Tue, 7 Nov 2006, Chris Purves wrote:
>> I have set up openswan for ipsec over l2tp using certificates according
>> to the following howto's:
>> I have the connection working, but I would like to have it set up so
>> that the roadwarrior machine (winxp) cannot see the LAN behind the
>> server. Essentially I would like the connection to allow the
>> roadwarrior and the server to see each other, but nothing else.
>> How would I go about setting this up?
> Use a dedicated subnet range for your l2tp clients that are only
> routable to your server?
Okay, I wasn't sure if I could do that...but then I also didn't try. So
what I have done is:
My LAN is 192.168.21.xxx

I modified /etc/l2tpd/l2tpd.conf
    ip range = 192.168.173.2-192.168.173.250
    local ip = 192.168.173.1

I modified /etc/ppp/options.l2tpd.lns

I modified /etc/ipsec.conf
It's working the way I want now. The roadwarrior cannot see
192.168.21.xxx machines, only the server at 192.168.173.1. Are the
above changes the correct ones? Are any unnecessary?
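
A check for the two l2tpd.conf settings quoted above, added here as an example and not part of the original post: it parses the `ip range` and `local ip` lines and reports whether the client pool or the server's tunnel address falls inside the LAN. The /24 LAN mask, the `[lns default]` section name, the sample text, the `;` comment handling and the function names are assumptions.

```python
import ipaddress

# Constructed sample built from the two settings quoted in the post.
SAMPLE_CONF = """\
[lns default]
; pool handed out to L2TP clients
ip range = 192.168.173.2-192.168.173.250
local ip = 192.168.173.1
"""

def parse_lns(conf_text):
    """Return ([(first, last), ...], local_ip) from l2tpd.conf text."""
    ranges, local_ip = [], None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()      # assumes ';' starts a comment
        if "=" not in line:
            continue                             # section header or blank line
        key, value = (p.strip() for p in line.split("=", 1))
        if key.lower() == "ip range":
            lo, _, hi = value.partition("-")
            lo = ipaddress.ip_address(lo.strip())
            hi = ipaddress.ip_address(hi.strip()) if hi.strip() else lo
            ranges.append((lo, hi))
        elif key.lower() == "local ip":
            local_ip = ipaddress.ip_address(value)
    return ranges, local_ip

def audit(conf_text, lan_cidr):
    """Return (ok, pool_cidrs, problems) for the pool versus the LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    ranges, local_ip = parse_lns(conf_text)
    pool_cidrs, problems = [], []
    if not ranges:
        problems.append("no 'ip range' line found")
    for lo, hi in ranges:
        if lo > hi:
            problems.append(f"ip range {lo}-{hi} is reversed")
            continue
        # Express the pool as CIDR blocks so it can be compared with the LAN.
        for net in ipaddress.summarize_address_range(lo, hi):
            pool_cidrs.append(str(net))
            if net.overlaps(lan):
                problems.append(f"pool block {net} overlaps LAN {lan}")
    if local_ip is None:
        problems.append("no 'local ip' line found")
    elif local_ip in lan:
        problems.append(f"local ip {local_ip} is inside LAN {lan}")
    elif any(lo <= local_ip <= hi for lo, hi in ranges):
        problems.append(f"local ip {local_ip} is inside the client pool")
    return not problems, pool_cidrs, problems

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, "192.168.21.0/24"))   # LAN /24 is an assumption
```

A clean result only confirms that the addressing is separate; whether the server forwards packets between the two subnets is a separate setting that this check does not inspect.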