[Openswan Users] Linux IPsec client
Jacco de Leeuw
jacco2 at dds.nl
Wed Sep 27 12:13:28 EDT 2006
Xunhua Wang wrote:
> So, what's the problem with NAT in this case?
On the server, your ipsec.conf has:

conn roadwarrior
        rightsubnet=vhost:%no

This should be:

        rightsubnet=vhost:%no,%priv

Another thing, not related to the problem. I think you can
use pfs=yes on the Linux client. Microsoft may not support
PFS in L2TP/IPsec connections, but I see no reason why we
should follow them. It improves security if you enable PFS.

I see you also enable IPCOMP compression on the server. Your
Windows and Mac clients do not support that but your Linux
clients do. I'd be interested to know if it is an advantage
or not.

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl