[Openswan Users] First time setup common questions

Richard Michael rmichael-openswan at edgeofthenet.org
Mon Jun 16 12:50:18 EDT 2008


On Mon, Jun 16, 2008 at 12:39:00PM -0400, Paul Wouters wrote:
> On Sun, 15 Jun 2008, Richard Michael wrote:
>
>> I'll implement using NETKEY to avoid kernel patches and have hopefully
>> greater stability.  Also, as I have simple requirements, and am doubtful
>> they would be described as a "complex l2tp scenario" (single remote
>> users with MacOS or Windows laptops accessing file services), the extra
>> features of KLIPS are likely more than I need.
>
> Not if those are all using 192.168.1.101 as their internal IP.....

Ah, well now we're beginning to discuss why I'd choose KLIPS vs. NETKEY.

Do you mean: different clients, each behind their own NAT'ing router,
and coincidentally using the same IP address?  (Furthermore meaning, in
such a scenario both the openswan server and the client are NAT'd behind
routers.)

With the ubiquity of "default" configured home routers (e.g.
192.168.1.0/24 or 192.168.0.0/24, and a few other common network
spaces), I suppose it is possible more than one client could have the
same IP address, albeit on a different network.

So, what problems will this cause, and how can they be addressed?
(Obviously, aside from asking the client to change the router
configuration.)

Richard


More information about the Users mailing list