[Openswan Users] ipsec does not register routes
Martin Krellmann
martin at krellmann.net
Mon Oct 8 05:50:11 EDT 2007
Hi.
> For those who want to know, there were two problems (if I remember
> correctly).
Yes you are correct.
> Which scenario do you have in mind, exactly?
>
> > conn trusetal.krellmann.net
>
> This is no road warrior setup. Are both vpngates running Openswan?
> Then you are probably better off with pure IPsec, leaving L2TP
> out of the equation.
For this connection I have a sort of gate-to-gate connection in mind.
The gate on the remote end (Windows 2000 machine) connects to my Openswan
server.
I have to use the L2TP here because Windows IPSec is not able to use dynamic
IP addresses, which I have on both ends.
I've also thought about installing a virtual machine on the remote site (with
VMWare) with a Linux OS and Openswan, but the computer has not enough power
for that solution...
Greetings
Martin.
> -----Original Message-----
> From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
> Behalf Of Jacco de Leeuw
> Sent: Monday, 8 October 2007 00:59
> To: users at openswan.org
> Subject: Re: [Openswan Users] ipsec does not register routes
>
>
> Martin Krellmann wrote:
>
> > After my openswan ipsec is now up and running (special thanks to Jacco)
> > I have another little question.
>
> For those who want to know, there were two problems (if I remember
> correctly).
> There was a "%defaultroute cannot cope" because Openswan was not told what
> interface to use. And the client was configured to use EAP-TLS instead of
> CHAP.
>
> > Why does openswan/xl2tp server not register the routes to the network
> > behind the right system after the connection has established?
>
> Which scenario do you have in mind, exactly? A road warrior setup for
> Windows/Mac clients? In that case the server has no business registering
> routes to the networks behind clients.
>
> > conn trusetal.krellmann.net
> >     left=192.168.10.253
> >     leftcert=vpngate.potsdam.krellmann.net.pem
> >     leftprotoport=17/1701
> >     leftsubnet=192.168.10.0/24
> >     right=trusenkrell.dyndns.org
> >     rightcert=vpngate.trusetal.krellmann.net.pem
> >     rightprotoport=17/1701
> >     rightsubnet=192.168.178.0/24
>
> This is no road warrior setup. Are both vpngates running Openswan?
> Then you are probably better off with pure IPsec, leaving L2TP
> out of the equation.
>
> Jacco
> --
> Jacco de Leeuw mailto:jacco2 at dds.nl
> Zaandam, The Netherlands http://www.jacco2.dds.nl