[Openswan Users] How to hide LAN
Paul Wouters
paul at xelerance.com
Wed Nov 8 13:43:21 EST 2006
On Wed, 8 Nov 2006, Chris Purves wrote:
> Paul Wouters wrote:
> > On Tue, 7 Nov 2006, Chris Purves wrote:
> >
> > > I have set up openswan for ipsec over l2tp using certificates according
> > > to the following howto's:
> > >
> > > http://www.natecarlson.com/linux/ipsec-l2tp.php
> > > http://www.jacco2.dds.nl/networking/win2000xp-openswan.html
> > >
> > > I have the connection working, but I would like to have it set up so
> > > that the roadwarrior machine (winxp) cannot see the LAN behind the
> > > server. Essentially I would like the connection to allow the
> > > roadwarrior and the server to see each other, but nothing else.
> > >
> > > How would I go about setting this up?
> >
> > Use a dedicated subnet range for your l2tp clients that are only
> > routable to your server?
>
> Okay, I wasn't sure if I could do that...but then I also didn't try. So what
> I have done is:
>
> My LAN is 192.168.21.xxx
> I modified /etc/l2tpd/l2tpd.conf
> ip range = 192.168.173.2-192.168.173.250
> local ip = 192.168.173.1
> I modified /etc/ppp/options.l2tpd.lns
> ms-dns 192.168.173.1
> ms-wins 192.168.173.1
> I modified /etc/ipsec.conf
> conn roadwarrior-net
> leftsubnet=192.168.173.0/255.255.255.0
>
>
> It's working the way I want now. The roadwarrior cannot see 192.168.21.xxx
> machines, only the server at 192.168.173.1. Are the above changes the correct
> ones? Are any unnecessary?
You shouldn't need roadwarrior-net, as l2tp is a host to host connection.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
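As an added example (not from the thread, Openswan or l2tpd), the same isolation expressed as explicit iptables rules on the server, so that it does not rest only on 192.168.21.x hosts having no route to 192.168.173.0/24 or on forwarding being off. The addresses are the ones from Chris's config; the interface wildcard ppp+ (pppd naming each L2TP session pppN) and the APPLY switch are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: make the isolation obtained by addressing
# explicit on the server. The IPsec/L2TP tunnel itself arrives on the outer
# interface (UDP 1701 inside ESP), so these rules do not touch tunnel setup.
L2TP_NET="192.168.173.0/24"   # "ip range" pool in l2tpd.conf (thread)
L2TP_GW="192.168.173.1"       # "local ip" in l2tpd.conf, also ms-dns/ms-wins
PPP_IF="ppp+"                 # assumed: pppd names each L2TP session pppN

# Print the rules rather than run them, so they can be reviewed first.
l2tp_isolation_rules() {
    cat <<EOF
# Packets from a PPP session may only reach the server's own L2TP address.
iptables -A INPUT -i $PPP_IF -s $L2TP_NET -d $L2TP_GW -j ACCEPT
iptables -A INPUT -i $PPP_IF -j DROP
# Nothing is forwarded between PPP sessions and any other interface, which
# covers the LAN, other roadwarriors and the Internet in both directions.
iptables -A FORWARD -i $PPP_IF -j DROP
iptables -A FORWARD -o $PPP_IF -j DROP
EOF
}

# Number of iptables commands in the set, a sanity check before applying.
l2tp_rule_count() {
    l2tp_isolation_rules | grep -c '^iptables '
}

# Apply only when asked explicitly and running as root:
#   APPLY=1 sh this_script.sh
if [ "${APPLY:-0}" = "1" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "need root to apply" >&2; exit 1; }
    l2tp_isolation_rules | sh -e
else
    l2tp_isolation_rules
fi
```

The DROP on FORWARD also means a roadwarrior cannot use the server as a default gateway; with split tunnelling off on the Windows client that is the intended "nothing else".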