[Openswan Users] a question about openswan configuration for x509 without L2TP

Alfonso Viso alfonso.viso at selftrade.com
Thu Nov 13 10:09:28 EST 2008


Hello,

I want to know if it's possible to configure a virtual IP address on the roadwarrior with X.509. I will explain our schema:
 
rw (192.168.1.15)-----(192.168.1.1)adsl router(public ip)-------(public ip)eth1 server openswan/firewall (10.x.x.x)
 
The server's ipsec.conf file is:
 
config setup
        interfaces="ipsec0=eth1"
        nat_traversal=yes
        forwardcontrol=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
        uniqueids=yes
 
conn %default
        keyingtries=0
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert
 
conn roadwarrior-net
        type=tunnel
        left=x.x.x.x
        leftsubnet=10.0.0.0/16
        leftcert=esmadlx02vpn.selftrade.es.pem
        right=%any
        rightcert=self_prueba_xp.selftrade.es.pem
        rightsubnet=vhost:%no,%priv
        rightid="C=ES,S=Madrid,L=Madrid,O=Self Trade Bank,CN=self_prueba_xp.selftrade.es,E=alfonso.viso at selftrade.com"
        auto=add
        pfs=yes

And the roadwarrior's ipsec.conf file is:
 
conn roadwarrior-net
 left=%any
 right=81.93.214.114
 rightsubnet=10.105.0.0/255.255.0.0
 rightca="................................................."
 network=auto
 auto=start
 pfs=yes 
 
With this configuration the connection is OK: the tunnel is up and the roadwarrior connects to the private network with 192.168.1.15.
Now I want to configure a second IP address on the roadwarrior, a virtual IP, for example 192.168.200.x, and use it to connect.
Is it possible?
Thanks in advance, and please forgive my English.
 
Regards
Alfonso.


