[Openswan Users] Cannot make openswan working...

Andriy Lesyuk s-andy at in.if.ua
Wed Apr 30 14:57:29 EDT 2008


>
>> I wonder if someone can answer the question: Can 192.168.14.0/24 be used on the client side if 192.168.0.0/20 is used on the
>> server side?
> General routing rules apply.
> As long as there are no 192.168.14.0/24 hosts in the 192.168.0.0/20 subnet then everything will work fine,
> as ip routing will choose the most specific route for each packet. For example:
>
> 192.168.0.0/20 (bad subnet: 192.168.14.0/24) (ok subnets: 192.168.0.0/21, 192.168.8.0/22, 192.168.12.0/23, 192.168.15.0/24)
> 	|
> [openswan server]
> 	|
> Internet
> 	|
> [remote router]
> 	|
> 192.168.14.0/24
> 	|
> [l2tp (windows/mac/linux) client]
>
> You may also need to set one of the following on the server:
> 	
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.44.68.0/24,%v4:!192.168.0.0/20,%v4:192.168.14.0/24,%v4:!172.27.172.0/24
> 	
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.44.68.0/24,%v4:!192.168.0.0/21,%v4:!192.168.8.0/22,%v4:!192.168.12.0/23,%v4:!192.168.15.0/24,%v4:!172.27.172.0/24
>  
> Peter McGill
What if 192.168.14.0/24 is used on the server too? No way? Sorry for my 
ignorance but till now I worked only with OpenVPN. I guess this is due 
to ESP, right? My home router does support IPSec passthrough so 
possibly I must be able to connect without NAT-T?

Thanks,
Andriy
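
The following is an added example, not part of the original thread: it derives the "ok subnets" and the second `virtual_private` line from the quoted reply by removing the client's 192.168.14.0/24 from each server-side network. The function names `carve_out` and `virtual_private` are hypothetical; the network values are the ones quoted above, and the code assumes no server-side hosts live in the client's subnet.

```python
import ipaddress

# Values taken from the quoted reply in this message.
ALLOWED = ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12"]
SERVER_NETS = ["10.44.68.0/24", "192.168.0.0/20", "172.27.172.0/24"]
CLIENT_NET = "192.168.14.0/24"


def carve_out(server_net, client_net):
    """Return the parts of server_net that do not collide with client_net."""
    server = ipaddress.ip_network(server_net)
    client = ipaddress.ip_network(client_net)
    if not server.overlaps(client):
        return [server]            # nothing to remove
    if server.subnet_of(client):
        return []                  # client range swallows the whole server net
    # client is strictly inside server: split server around it
    return sorted(server.address_exclude(client))


def virtual_private(allowed, server_nets, client_net):
    """Build a virtual_private= value: allowed ranges, then '!' exclusions."""
    entries = ["%v4:" + str(ipaddress.ip_network(n)) for n in allowed]
    for net in server_nets:
        entries += ["%v4:!" + str(p) for p in carve_out(net, client_net)]
    return "virtual_private=" + ",".join(entries)


if __name__ == "__main__":
    for part in carve_out("192.168.0.0/20", CLIENT_NET):
        print("server side may keep:", part)
    print(virtual_private(ALLOWED, SERVER_NETS, CLIENT_NET))
```
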