[Openswan Users] Cannot make openswan working...

Jacco de Leeuw jacco2 at dds.nl
Fri May 2 10:30:42 EDT 2008

Andriy Lesyuk wrote:

> Without this parameter I used to lose any connectivity with the server
> (including ssh or ping) after IPSec connection had been established... eth1
> is the internal interface which does have real world IP addresses.

If the IPsec packets do not arrive from the default gateway then you
may need to specify leftnexthop to that other router.

> No, actually it should be accessed from outside. Even more - we have many
> machines with real world IPs in our internal network and many of them also
> should be accessed from outside. We are using firewall to limit this access
> of course...

Hm, I would hesitate to put an external IP address as well as internal
subnets on one and the same interface. Perhaps it's easier to put both
external 68.68.x.x addresses on one interface?

>>> Ideally I want both... But currently I want to have VPN for external 
>>> (from Internet) users.

This may work if you add another interface. For example, you have an external
untrusted interface (e.g. to the Internet), an internal trusted interface
(your LAN) and an internal untrusted interface (e.g. a wireless network).
Openswan would be listening on the two untrusted interfaces and the L2TP
daemon would hand out IP addresses from the trusted subnet to VPN users from
both the Internet and the wireless network.

> Okay, I did and now my VPN works! =) Thank you all very much! Special
> thanks to you, Jacco!

No problem, glad it works!

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
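
The three-interface layout described in the reply above, sketched as configuration. This is an added example, not configuration posted by anyone in the thread. Every address, connection name and file path is a constructed assumption (external interface 192.0.2.10 with gateway 192.0.2.1, wireless interface 10.0.1.1, trusted LAN 10.0.0.0/24), and an xl2tpd L2TP daemon on a netkey stack is assumed.

```ini
# /etc/ipsec.conf (Openswan) -- all addresses below are constructed examples
version 2.0

config setup
    protostack=netkey

# Settings shared by both listeners: L2TP (UDP 1701) protected in transport mode
conn l2tp-common
    authby=secret
    pfs=no
    type=transport
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

# External untrusted interface (Internet side).
# leftnexthop names the router the IPsec packets arrive through.
conn l2tp-internet
    also=l2tp-common
    left=192.0.2.10
    leftnexthop=192.0.2.1
    auto=add

# Internal untrusted interface (wireless side)
conn l2tp-wireless
    also=l2tp-common
    left=10.0.1.1
    auto=add

# No conn is defined for the trusted LAN interface, so Openswan does not
# accept VPN connections there.

; /etc/xl2tpd/xl2tpd.conf -- separate file; constructed values
; VPN users from both untrusted networks get addresses from the trusted subnet.
[lns default]
ip range = 10.0.0.200-10.0.0.250
local ip = 10.0.0.1
require chap = yes
refuse pap = yes
require authentication = yes
pppoptfile = /etc/ppp/options.xl2tpd
```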
