[Openswan Users] multi roadworrier behind same nat

Paul Wouters paul at xelerance.com
Thu Feb 22 11:14:30 EST 2007


On Thu, 22 Feb 2007, Gurvinder Singh wrote:

> > I had tried three linux ubuntu clients each with openswan version 2.4.7 using
> > the same nat, they all work fine when I use only openswan but when
> > with windows xp clients all using the same nat I use openswan and l2tpd only
> > one of them connects. So the issue is of openswan or l2tpd?
> >
>
>
> Is there any windows xp openswan or ipsec client which can work for my
> windows roadwarriors using same nat without l2tpd like my linux clients
> behind same nat work?

The issue is not the clients. The issue is the server needing to keep track
of the different clients behind the same NAT router and the different local
IPs (e.g. client1 uses 192.168.1.101 internally but so does client2).

Stinghorn had some patch that hacked openswan to do this, but in the wrong
way. It breaks openswan for everything else. The clean way is implemented
by Xelerance. Probably the Stinghorn patch only works with years-old kernels.

It is irrelevant what client software is used on the clients when using L2TP.
Though I don't think anyone uses a non-operating-system-supplied l2tp client.
You can use a non-l2tp IPsec client, but then you have to address another problem
of how to assign IPs from your remote LAN to the laptops. The only other
alternative supported by Openswan is to use XAUTH with ModeConfig. You will
need to use a third party client for Windows (and it is illegal to use the
Cisco client to connect to non-cisco hardware). Perhaps GreenBow or NCP?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

