[Openswan Users] Cannot make openswan working...
Andriy Lesyuk
s-andy at in.if.ua
Wed Apr 30 16:37:08 EDT 2008
>>> /I wonder if someone can answer on the question: Can 192.168.14.0/24 be used on the client side if 192.168.0.0/20 is used on the
>>> /server side?
>> General routing rules apply.
>> As long as there are no 192.168.14.0/24 hosts in the 192.168.0.0/20 subnet then everything will work fine,
>> as ip routing will choose the most specific route for each packet. For example:
>>
>> 192.168.0.0/20 (bad subnet: 192.168.14.0/24) (ok subnets: 192.168.0.0/21, 192.168.8.0/22, 192.168.12.0/23, 192.168.15.0/24)
>> |
>> [openswan server]
>> |
>> Internet
>> |
>> [remote router]
>> |
>> 192.168.14.0/24
>> |
>> [l2tp (windows/mac/linux) client]
>>
>> You may also need to set one of the following on the server:
>>
>> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.44.68.0/24,%v4:!192.168.0.0/20,%v4:192.168.14.0/24,%v4:!
>> 172.27.172.0/24
>>
>> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.44.68.0/24,%v4:!192.168.0.0/21,%v4:!192.168.8.0/22,%v4:!
>> 192.168.12.0/23,%v4:!192.168.15.0/24,%v4:!172.27.172.0/24
>>
>> Peter McGill
> What if 192.168.14.0/24 is used on the server too? No way? Sorry for
> my ignorance but till now I worked only with OpenVPN. I guess this is
> due to ESP, right? My home router does supports IPSec passthrough so
> possibly I must be able to connect without NAT-T?
Just one more question... PPTP (as an alternative to IPSec/L2TP) can be
used in local network for providing Internet access (like PPPoE). In
this case the client connects from the zone which is actually used on
the server. So I wonder if IPSec/L2TP can be used as VPN over Ethernet?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080430/2ba01c1e/attachment.html
More information about the Users
mailing list