[Openswan Users] Roaming user to Central site VPN or dynamic IP address to static IP address VPN..

Paul Wouters paul at xelerance.com
Sun Nov 18 14:52:21 EST 2007


On Sat, 17 Nov 2007, Alejandro Correa wrote:

> only to let you know that with your help I now have a NetToNet VPN
> with a Roaming User (dynamic IP) to Central Site (Static IP) working
> for about 4 days.
> I tried both proposed solutions and the one that works for me was
> setting right=%any and dpdaction=hold on the server side. I don't know
> if there is a security implication on this??

You should use dpdaction=%clear for dynamic IP roadwarriors, because
blocking that IP makes no sense. Another roadwarrior might show up
at that IP (many behind NAT) and the original one might show up at
a different IP. So just forget the state about lost roadwarriors and
be ready to accept them again from any other (or the same) IP.

Paul
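
The server-side connection discussed in this thread, as an added example that is not part of the original message or the poster's actual configuration. The connection name, addresses, subnets and DPD timers are constructed placeholders, and the action is written with the `clear` keyword as documented in ipsec.conf(5).

```conf
# Server-side (central site) fragment of /etc/ipsec.conf. Constructed example.
# Addresses and subnets are documentation placeholders; keep the
# authentication settings the connection already uses.
conn roadwarrior-net
    # Central site: static public address and the LAN behind it (placeholders).
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    # Roaming peer: accept it from any source address.
    right=%any
    rightsubnet=10.2.0.0/24
    # Dead Peer Detection: probe interval and timeout in seconds (sample values).
    dpddelay=30
    dpdtimeout=120
    # Poor fit for a roaming peer: hold keeps state tied to the lost address.
    #dpdaction=hold
    # Forget all state for the dead peer so it can reconnect from any address.
    dpdaction=clear
    # Only answer; the roaming side initiates.
    auto=add
```

Comment lines inside the `conn` section are indented and there are no blank lines, because a blank line ends the section.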

