[Openswan Users] Linux IPsec client

Jacco de Leeuw jacco2 at dds.nl
Wed Sep 27 12:13:28 EDT 2006


Xunhua Wang wrote:

> So, what's the problem with NAT in this case?

On the server, your ipsec.conf has:

conn roadwarrior
    rightsubnet=vhost:%no

This should be:
    rightsubnet=vhost:%no,%priv

Another thing, not related to the problem. I think you can
use pfs=yes on the Linux client. Microsoft may not support
PFS in L2TP/IPsec connections, but I see no reason why we
should follow them. It improves security if you enable PFS.

I see you also enable IPCOMP compression on the server. Your
Windows and Mac clients do not support that but your Linux
clients do. I'd be interested to know if it is an advantage
or not.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

