[Openswan Users] Cannot make openswan working...

Andriy Lesyuk s-andy at in.if.ua
Wed Apr 30 16:37:08 EDT 2008


>>> /I wonder if someone can answer on the question: Can 192.168.14.0/24 be used on the client side if 192.168.0.0/20 is used on the
>>> /server side?
>> General routing rules apply.
>> As long as there are no 192.168.14.0/24 hosts in the 192.168.0.0/20 subnet then everything will work fine,
>> as ip routing will choose the most specific route for each packet. For example:
>>
>> 192.168.0.0/20 (bad subnet: 192.168.14.0/24) (ok subnets: 192.168.0.0/21, 192.168.8.0/22, 192.168.12.0/23, 192.168.15.0/24)
>> 	|
>> [openswan server]
>> 	|
>> Internet
>> 	|
>> [remote router]
>> 	|
>> 192.168.14.0/24
>> 	|
>> [l2tp (windows/mac/linux) client]
>>
>> You may also need to set one of the following on the server:
>> 	
>> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.44.68.0/24,%v4:!192.168.0.0/20,%v4:192.168.14.0/24,%v4:!
>> 172.27.172.0/24
>> 	
>> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.44.68.0/24,%v4:!192.168.0.0/21,%v4:!192.168.8.0/22,%v4:!
>> 192.168.12.0/23,%v4:!192.168.15.0/24,%v4:!172.27.172.0/24
>>  
>> Peter McGill
> What if 192.168.14.0/24 is used on the server too? No way? Sorry for 
> my ignorance but till now I worked only with OpenVPN. I guess this is 
> due to ESP, right? My home router does supports IPSec passthrough so 
> possibly I must be able to connect without NAT-T?
Just one more question... PPTP (as an alternative to IPSec/L2TP) can be 
used in local network for providing Internet access (like PPPoE). In 
this case the client connects from the zone which is actually used on 
the server. So I wonder if IPSec/L2TP can be used as VPN over Ethernet?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20080430/2ba01c1e/attachment.html 


More information about the Users mailing list