[Openswan Users] How to hide LAN

Chris Purves chris at northfolk.ca
Wed Nov 8 14:11:59 EST 2006


Paul Wouters wrote:
> On Wed, 8 Nov 2006, Chris Purves wrote:
> 
>> Paul Wouters wrote:
>>> On Tue, 7 Nov 2006, Chris Purves wrote:
>>>
>>>> I have set up openswan for ipsec over l2tp using certificates according
>>>> to the following howtos:
>>>>
>>>> http://www.natecarlson.com/linux/ipsec-l2tp.php
>>>> http://www.jacco2.dds.nl/networking/win2000xp-openswan.html
>>>>
>>>> I have the connection working, but I would like to have it set up so
>>>> that the roadwarrior machine (winxp) cannot see the LAN behind the
>>>> server.  Essentially I would like the connection to allow the
>>>> roadwarrior and the server to see each other, but nothing else.
>>>>
>>>> How would I go about setting this up?
>>> Use a dedicated subnet range for your l2tp clients that are only
>>> routable to your server?
>> Okay, I wasn't sure if I could do that...but then I also didn't try.  So what
>> I have done is:
>>
>> My LAN is 192.168.21.xxx
>> I modified /etc/l2tpd/l2tpd.conf
>>   ip range = 192.168.173.2-192.168.173.250
>>   local ip = 192.168.173.1
>> I modified /etc/ppp/options.l2tpd.lns
>>   ms-dns 192.168.173.1
>>   ms-wins 192.168.173.1
>> I modified /etc/ipsec.conf
>>   conn roadwarrior-net
>>         leftsubnet=192.168.173.0/255.255.255.0
>>
>>
>> It's working the way I want now.  The roadwarrior cannot see 192.168.21.xxx
>> machines, only the server at 192.168.173.1.  Are the above changes the correct
>> ones?  Are any unnecessary?
> 
> You shouldn't need roadwarrior-net, as l2tp is a host-to-host connection.
> 

Great, thanks!  I still have a fair amount of reading to do to 
understand the finer points, but I have a working starting setup now.

-- 
Chris
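An added sanity check for the setup described above (example code, not from the thread, Openswan or l2tpd): it parses the two quoted files and flags any setting that would give the roadwarrior a reason to reach the LAN. The file contents and the LAN prefix are constructed from the values in the thread; note that a disjoint client pool only keeps the LAN out of reach while the server does not forward between the ppp interfaces and the LAN.

```python
import configparser
import ipaddress

# Constructed samples mirroring the settings quoted in the thread
# (l2tpd.conf and options.l2tpd.lns); the LAN is 192.168.21.0/24.
L2TPD_CONF = """\
[global]
listen-addr = 0.0.0.0

[lns default]
ip range = 192.168.173.2-192.168.173.250
local ip = 192.168.173.1
"""
PPP_OPTIONS = """\
ms-dns 192.168.173.1
ms-wins 192.168.173.1
noccp
auth
"""
LAN = ipaddress.ip_network("192.168.21.0/24")


def parse_l2tpd(text):
    """Return (pool networks, local ip) from the first [lns ...] section."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    for name in cp.sections():
        if name.startswith("lns"):
            lo, hi = (ipaddress.ip_address(s.strip())
                      for s in cp[name]["ip range"].split("-"))
            return (list(ipaddress.summarize_address_range(lo, hi)),
                    ipaddress.ip_address(cp[name]["local ip"]))
    raise ValueError("no [lns] section in l2tpd.conf")


def parse_ppp_servers(text):
    """Return the ms-dns / ms-wins addresses handed to clients."""
    return [ipaddress.ip_address(p[1]) for p in
            (line.split() for line in text.splitlines())
            if len(p) == 2 and p[0] in ("ms-dns", "ms-wins")]


def audit(l2tpd_text, ppp_text, lan):
    """List every setting that would send client traffic towards the LAN."""
    pool, local_ip = parse_l2tpd(l2tpd_text)
    problems = []
    for net in pool:
        if net.overlaps(lan):
            problems.append(f"ip range {net} overlaps LAN {lan}")
        if local_ip in net:
            problems.append(f"local ip {local_ip} collides with ip range {net}")
    if local_ip in lan:
        problems.append(f"local ip {local_ip} is a LAN address")
    for srv in parse_ppp_servers(ppp_text):
        if srv in lan:
            problems.append(f"ms-dns/ms-wins {srv} points clients at the LAN")
    return problems
```

Running `audit(L2TPD_CONF, PPP_OPTIONS, LAN)` on the quoted settings returns an empty list; feeding it a pool or ms-dns address inside 192.168.21.0/24 lists each offending setting.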
