[Openswan Users] Cannot make openswan working...
Jacco de Leeuw
jacco2 at dds.nl
Thu May 1 17:50:11 EDT 2008
Andriy Lesyuk wrote:
>> I still don't understand your setup. The server has a leftnexthop
>> to its own network interface?
>>
> Actually, yes... Is this not good?
No, not good. Usually you don't need to explicitly set this parameter.
See man ipsec.conf.
> eth1 is internal interface which does have real world IP addresses.
Why? It is not to be accessed from the outside, right?
> Openswan listens to 68.68.12.1. L2TP server also listens to 68.68.12.1.
That means you want users on the internal network to securely access
the Internet?
>> What is it exactly that you want to achieve? Allow VPN users in
>> from the Internet to the internal network? Allow VPN users on
>> the internal (possibly untrusted such as wireless?) network out
>> to the Internet?
>>
> Ideally I want both... But currently I want to have VPN for external
> (from Internet) users.
If so, then currently Openswan is listening on the wrong interface.
I don't know if you can support both scenarios at the same time.
I for one have not tested this. If you are just starting with
Openswan and L2TP, I'd say to forget about it at this stage.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list