[Openswan Users] Informing about networks which are behind the VPN in split tunnel config.
Jacco de Leeuw
jacco2 at dds.nl
Tue May 6 11:20:14 EDT 2008
Oguz Yilmaz wrote:
> LAN (10.0.0.0/8) - SW(10.0.0.1) - VPNRouter (10.0.0.2 ) +++ VPN Users
> 172.16.10.0/24
>
> Our VPN users connect and are assigned an IP from the 172.16.10.0/24 subnet by
> l2tpd. They are configured as split-tunnel. That is, they use the internet
> directly, not over VPNRouter.
>
> How can I automatically inform VPN clients that 10.0.0.0/8 subnet
> connections should go over VPNRouter?

Well, either let l2tpd assign VPN users IP addresses from the LAN subnet
(10.0.0.0/8, apparently). Or drop the split tunnelling. Or use DHCP Inform
to set a static route to 10.0.0.0/8 on the clients.

Regarding DHCP Inform, Wolfgang "wogri" Hennerbichler has described
such a setup at http://www.wogri.at/RoadWarrior-VPN.249.0.html

There's a couple of other things that are worth mentioning but
I have not yet put them on my webpage. It's a bit hack-ish at
the moment.

> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

You would need to exclude all your internal subnets, i.e.
add %v4:!172.16.10.0/24 and remove %v4:10.0.0.0/8.

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
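
A check for the exclusion advice in the reply above, as an added example that is not part of the original post or of Openswan: it parses a virtual_private= value and reports which of the site's own subnets it still accepts as a client-side network. The function names, and the corrected line built by applying the reply's two changes, are assumptions of this example.

```python
import ipaddress

# Constructed inputs: the virtual_private line quoted in the thread, and the
# same line after applying the reply's two changes (assumed result).
ORIGINAL = ("%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,"
            "%v4:!192.168.1.0/24")
CORRECTED = ("%v4:172.16.0.0/12,%v4:192.168.0.0/16,"
             "%v4:!192.168.1.0/24,%v4:!172.16.10.0/24")
INTERNAL = ["10.0.0.0/8", "172.16.10.0/24"]  # LAN and l2tpd pool from the thread


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        family, _, net = item.partition(":")
        if family not in ("%v4", "%v6") or not net:
            raise ValueError(f"unrecognised entry: {item!r}")
        target = excluded if net.startswith("!") else allowed
        # ip_network() rejects entries with host bits set, e.g. 10.0.0.1/8
        target.append(ipaddress.ip_network(net.lstrip("!")))
    return allowed, excluded


def still_permitted(value, internal_subnets):
    """Return the internal subnets that overlap an allowed entry and are
    not fully covered by a '!' exclusion."""
    allowed, excluded = parse_virtual_private(value)
    flagged = []
    for text in internal_subnets:
        net = ipaddress.ip_network(text)
        hit = any(net.version == a.version and net.overlaps(a)
                  for a in allowed)
        covered = any(net.version == e.version and net.subnet_of(e)
                      for e in excluded)
        if hit and not covered:
            flagged.append(text)
    return flagged


if __name__ == "__main__":
    for label, line in (("original", ORIGINAL), ("corrected", CORRECTED)):
        result = still_permitted(line, INTERNAL)
        print(label, "->", result or "no internal subnet permitted")
```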