[Openswan Users] openswan configuration 2
Jacco de Leeuw
jacco2 at dds.nl
Wed Mar 21 06:07:49 EDT 2007

Franci wrote:

> I have a question about my openswan installation. I have two xp clients (1,2)
> connected to openswan ubuntu server and on another side next xp client 3.

I don't understand your setup. Do you have a 10.10.10.0/24 LAN with a VPN
server on 193.2.76.229, one remote XP client at 193.2.76.229 and a couple
of other clients on the internal LAN? And what protocol(s) do you want to
use: IPsec with a third-party client for XP or L2TP/IPsec with the built-in
client?

> conn roadwarrior-l2tp1
>     type=transport
>     left=193.2.76.229
>     leftcert=kaktus.crt
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/1701
>     pfs=no
>     auto=add

You forgot:

    rightsubnet=vhost:%no,%priv

assuming that you want to support NATed clients.

> conn roadwarrior-l2tp2
>     type=transport
>     left=10.10.10.1
>     leftcert=kaktus.crt
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/1701
>     pfs=no
>     auto=add

Remove this section. If you really want to secure connections between
the VPN server and internal clients, use IPsec in transport mode with
for example the Shrew client, not L2TP/IPsec.

> xpclient1 * "xpclient1" 193.2.76.223
> * xpclient1 "xpclient1" 193.2.76.223

Idem.

> How could I directly connect from xp client 3 to openswan ubuntu server final
> destination is xp client 1 or 2.

What kind of connection do you mean? You want to connect from XP client 3
to XP clients 1 or 2. A Remote Desktop connection? That should work, once
client 3 has set up its VPN connection.

You did not provide configuration details for XP client 2. Presumably
it's on 10.10.10.0/24.

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
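
The advice in this reply, assembled into one server-side `ipsec.conf` as an added example (not part of the original message and not the poster's actual file). The `version` line, the `config setup` section and the `virtual_private` ranges are assumptions: `vhost:%no,%priv` only admits a NATed client when its private address falls inside a `virtual_private` range, and the server's own LAN (10.10.10.0/24, as the reply reads the setup) is excluded from that list.

```conf
# Added example, assembled from the advice in the reply above.
version 2.0

config setup
    # Assumption: NAT traversal is enabled so that NATed clients can connect.
    nat_traversal=yes
    # Assumption: private ranges a client behind NAT may use (matched by %priv).
    # The "!" entry excludes the server's own internal LAN.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.10.10.0/24

conn roadwarrior-l2tp1
    type=transport
    left=193.2.76.229
    leftcert=kaktus.crt
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    # Added per the reply: %no matches a client that is not behind NAT,
    # %priv matches a NATed client whose address is inside virtual_private.
    rightsubnet=vhost:%no,%priv
    pfs=no
    auto=add

# conn roadwarrior-l2tp2 (left=10.10.10.1) is dropped, as the reply advises.
```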