[Openswan Users] How to hide LAN
Chris Purves
chris at northfolk.ca
Wed Nov 8 14:11:59 EST 2006
Paul Wouters wrote:
> On Wed, 8 Nov 2006, Chris Purves wrote:
>
>> Paul Wouters wrote:
>>> On Tue, 7 Nov 2006, Chris Purves wrote:
>>>
>>>> I have set up openswan for ipsec over l2tp using certificates according
>>>> to the following howto's:
>>>>
>>>> http://www.natecarlson.com/linux/ipsec-l2tp.php
>>>> http://www.jacco2.dds.nl/networking/win2000xp-openswan.html
>>>>
>>>> I have the connection working, but I would like to have it set up so
>>>> that the roadwarrior machine (winxp) cannot see the LAN behind the
>>>> server. Essentially I would like the connection to allow the
>>>> roadwarrior and the server to see each other, but nothing else.
>>>>
>>>> How would I go about setting this up?
>>> Use a dedicated subnet range for your l2tp clients that are only
>>> routable to your server?
>> Okay, I wasn't sure if I could do that...but then I also didn't try. So what
>> I have done is:
>>
>> My LAN is 192.168.21.xxx
>> I modified /etc/l2tpd/l2tpd.conf
>> ip range = 192.168.173.2-192.168.173.250
>> local ip = 192.168.173.1
>> I modified /etc/ppp/options.l2tpd.lns
>> ms-dns 192.168.173.1
>> ms-wins 192.168.173.1
>> I modified /etc/ipsec.conf
>> conn roadwarrior-net
>> leftsubnet=192.168.173.0/255.255.255.0
>>
>>
>> It's working the way I want now. The roadwarrior cannot see 192.168.21.xxx
>> machines, only the server at 192.168.173.1. Are the above changes the correct
>> ones? Are any unnecessary?
>
> you shouldn't need roadwarrior-net, as l2tp is a host-to-host connection.
>
Great, thanks! I still have a fair amount of reading to do to
understand the finer points, but I have a working starting setup now.
--
Chris
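As an added example, not from this thread and not part of Openswan or l2tpd, the script below enforces the same client/LAN separation in the server's netfilter FORWARD chain, so the 192.168.21.x LAN stays unreachable even when the server forwards packets between the ppp links and the LAN interface. The use of iptables, the `ppp+` interface pattern and the root-only `apply_rules` helper are assumptions; the subnets are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): enforce the L2TP-client / LAN
# separation in the forwarding path instead of relying on addressing alone.
LAN_NET="192.168.21.0/24"      # LAN behind the server (from the thread)
L2TP_NET="192.168.173.0/24"    # dedicated pool handed out by l2tpd (from the thread)

# Emit the iptables rules, one per line, without applying them.
# Client <-> server traffic (ms-dns/ms-wins at 192.168.173.1) is INPUT/OUTPUT,
# not FORWARD, so it is unaffected; only forwarding off the ppp links is cut.
build_rules() {
    lan="$1"; pool="$2"
    printf '%s\n' \
      "-A FORWARD -s $pool -d $lan -j DROP" \
      "-A FORWARD -s $lan -d $pool -j DROP" \
      "-A FORWARD -i ppp+ -j DROP"
}

# Report the kernel forwarding flag (1 = the server forwards packets at all).
forwarding_enabled() {
    if [ -r /proc/sys/net/ipv4/ip_forward ]; then
        cat /proc/sys/net/ipv4/ip_forward
    else
        echo "unknown"
    fi
}

# Read an iptables-save style ruleset on stdin and answer yes/no depending on
# whether the pool -> LAN drop rule is present.
ruleset_isolates() {
    lan="$1"; pool="$2"
    if grep -qF -- "-A FORWARD -s $pool -d $lan -j DROP"; then
        echo yes
    else
        echo no
    fi
}

# Install the rules (requires root); never called automatically here.
apply_rules() {
    build_rules "$LAN_NET" "$L2TP_NET" | while read -r rule; do
        # shellcheck disable=SC2086
        iptables $rule
    done
}
```

After `apply_rules`, `iptables-save | ruleset_isolates "$LAN_NET" "$L2TP_NET"` should print `yes`, and a client on 192.168.173.x can still reach the server but no 192.168.21.x host.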