[Openswan Users] How to hide LAN
Chris Purves
chris at northfolk.ca
Wed Nov 8 11:42:27 EST 2006
Paul Wouters wrote:
> On Tue, 7 Nov 2006, Chris Purves wrote:
>
>> I have set up openswan for ipsec over l2tp using certificates according
>> to the following howto's:
>>
>> http://www.natecarlson.com/linux/ipsec-l2tp.php
>> http://www.jacco2.dds.nl/networking/win2000xp-openswan.html
>>
>> I have the connection working, but I would like to have it set up so
>> that the roadwarrior machine (winxp) cannot see the LAN behind the
>> server. Essentially I would like the connection to allow the
>> roadwarrior and the server to see each other, but nothing else.
>>
>> How would I go about setting this up?
>
> Use a dedicated subnet range for your l2tp clients that are only
> routable to your server?

Okay, I wasn't sure if I could do that...but then I also didn't try. So
what I have done is:

My LAN is 192.168.21.xxx

I modified /etc/l2tpd/l2tpd.conf
    ip range = 192.168.173.2-192.168.173.250
    local ip = 192.168.173.1

I modified /etc/ppp/options.l2tpd.lns
    ms-dns 192.168.173.1
    ms-wins 192.168.173.1

I modified /etc/ipsec.conf
    conn roadwarrior-net
        leftsubnet=192.168.173.0/255.255.255.0

It's working the way I want now. The roadwarrior cannot see
192.168.21.xxx machines, only the server at 192.168.173.1. Are the
above changes the correct ones? Are any unnecessary?

--
Chris
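
Added example, not part of the original post and not Openswan or l2tpd code: a Python check that the three settings quoted above agree with each other, meaning the client pool sits inside leftsubnet, stays clear of the LAN, and the DNS/WINS entries point at the server's own tunnel address. The function name check_isolation and the LAN written as 192.168.21.0/24 (from "192.168.21.xxx") are assumptions; the sample inputs are constructed from the values in the post.

```python
import ipaddress
import re

# Constructed inputs: the values quoted in the post above.
LAN = "192.168.21.0/24"  # assumption: "192.168.21.xxx" read as a /24
L2TPD_CONF = """\
ip range = 192.168.173.2-192.168.173.250
local ip = 192.168.173.1
"""
PPP_OPTIONS = """\
ms-dns 192.168.173.1
ms-wins 192.168.173.1
"""
LEFTSUBNET = "192.168.173.0/255.255.255.0"


def check_isolation(lan, l2tpd_conf, ppp_options, leftsubnet):
    """Return a list of findings; an empty list means the settings agree."""
    lan_net = ipaddress.ip_network(lan)
    vpn_net = ipaddress.ip_network(leftsubnet)  # accepts a dotted netmask too
    conf = dict(re.findall(r"^\s*(ip range|local ip)\s*=\s*(\S+)", l2tpd_conf, re.M))
    first, last = (ipaddress.ip_address(a) for a in conf["ip range"].split("-"))
    local_ip = ipaddress.ip_address(conf["local ip"])
    findings = []
    if vpn_net.overlaps(lan_net):
        findings.append(f"leftsubnet {vpn_net} overlaps LAN {lan_net}")
    # Every block of the client pool must be inside leftsubnet and outside the LAN.
    for block in ipaddress.summarize_address_range(first, last):
        if not block.subnet_of(vpn_net):
            findings.append(f"pool block {block} is outside leftsubnet {vpn_net}")
        if block.overlaps(lan_net):
            findings.append(f"pool block {block} overlaps LAN {lan_net}")
    if local_ip not in vpn_net:
        findings.append(f"local ip {local_ip} is outside leftsubnet {vpn_net}")
    if first <= local_ip <= last:
        findings.append(f"local ip {local_ip} is inside the client pool")
    # Clients are meant to reach only the server, so DNS/WINS must be the server itself.
    for key, addr in re.findall(r"^\s*(ms-dns|ms-wins)\s+(\S+)", ppp_options, re.M):
        if ipaddress.ip_address(addr) != local_ip:
            findings.append(f"{key} {addr} is not the server address {local_ip}")
    return findings


if __name__ == "__main__":
    for line in check_isolation(LAN, L2TPD_CONF, PPP_OPTIONS, LEFTSUBNET) or ["consistent"]:
        print(line)
```

The check covers address consistency only; whether the server forwards packets between the two subnets is not stated in these files and has to be confirmed on the server itself.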