[Openswan Users] First time setup common questions

Paul Wouters paul at xelerance.com
Mon Jun 16 15:39:31 EDT 2008


On Mon, 16 Jun 2008, Richard Michael wrote:

> Ah, well now we're beginning to discuss why I'd choose KLIPS vs. NETKEY.
>
> Do you mean: different clients, each behind their own NAT'ing router,
> and coincidentally using the same IP address?  (Furthermore meaning, in
> such a scenario both the openswan server and the client are NAT'd behind
> routers.)

See the diagram docs/ipsecsaref.png to see what KLIPS(NG) can do.
It requires kernel patches to parts of the kernel outside of klips.

> With the ubiquity of "default" configured home routers (e.g.
> 192.168.1.0/24 or 192.168.0.0/24, and a few other common network
> spaces), I suppose it is possible more than one client could have the
> same IP address, albeit on a different network.

It's basically guaranteed.

> So, what problems will this cause, and how can they be addressed?
> (Obviously, aside from asking the client to change the router
> configuration.)

The kernel can't add the overlapping policy. And only the first client
will work.

Paul

