[Openswan Users] DHCP/Any Traffic over an established VPN tunnel

Paul Wouters paul at xelerance.com
Fri Oct 9 11:39:20 EDT 2009


On Fri, 9 Oct 2009, Carlos Lopez wrote:

> - The router will forward ports 500, 50 and 51 to the VPN server.

First of all, you need UDP ports 500 and 4500, and PROTOCOLS 50 and 51. Not ports 50 or 51.
Second, it makes no sense to build Linux machines that NAT/forward stuff to other Linux
machines doing IPsec. Just set up the IPsec on the first Linux router.

> - Do some sort of routing on the ROUTER side to let traffic pass in both directions (172.17.1.x/24 [ExternalUsers' PCs] from/to 172.16.0.1/24 [corporate LAN]).

Remember an IPsec tunnel is not a virtual ethernet. You cannot route random packets through
it. They will be dropped for having the wrong security policy.

It looks like you want to set up a local dns/email/etc presence using 172.16.0.0/24.
Then create a tunnel from 172.16.0.0/24 <-> 0.0.0.0/0 to tunnel the traffic back to
the main network. Now 172.16.0.0/24 is reachable from the remote network.

Once that's done, you can set up local VPN servers and whatnot to deal with rolling
out things at the local hub, which could include a VPN server for roaming users.

Paul
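An added example, not part of Paul's mail or of Openswan itself, showing both points above in concrete form: the iptables rules a Linux NAT router needs if it really is going to forward IKE (UDP 500), NAT-T (UDP 4500) and the IP protocols ESP (50) and AH (51) to an inside VPN host, and an Openswan conn fragment for the 172.16.0.0/24 <-> 0.0.0.0/0 hub tunnel. The addresses (192.0.2.10, 192.0.2.1, 198.51.100.1), the interface name eth0, the conn name and the function names are placeholders chosen for the example; setting IPT=echo prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original mail or the Openswan project).
# Assumptions: an iptables-based Linux router, an inside VPN server at
# 192.0.2.10 behind WAN interface eth0 (placeholder values).
# Set IPT=echo to print the rules instead of applying them.
set -eu

IPT="${IPT:-iptables}"

# Rules for what the mail describes: UDP 500 (IKE), UDP 4500 (NAT-T) and
# the IP protocols 50 (ESP) and 51 (AH). ESP and AH have no port numbers,
# so they are matched with "-p esp" / "-p ah"; "--dport 50" matches nothing useful.
ipsec_forward_rules() {
    vpn="$1"; wan="$2"
    for port in 500 4500; do
        $IPT -t nat -A PREROUTING -i "$wan" -p udp --dport "$port" -j DNAT --to-destination "$vpn"
        $IPT -A FORWARD -i "$wan" -d "$vpn" -p udp --dport "$port" -j ACCEPT
    done
    # Protocol matches only; note that AH authenticates the outer IP header,
    # so it cannot survive the NAT anyway (which is why NAT-T on 4500 exists).
    for proto in esp ah; do
        $IPT -t nat -A PREROUTING -i "$wan" -p "$proto" -j DNAT --to-destination "$vpn"
        $IPT -A FORWARD -i "$wan" -d "$vpn" -p "$proto" -j ACCEPT
    done
}

# Openswan conn for the hub: the local 172.16.0.0/24 on one side, everything
# (0.0.0.0/0) on the other, so all remote traffic goes back to the main network.
# $local_gw / $main_gw are the public addresses of the two gateways (placeholders).
write_hub_conn() {
    out="$1"; local_gw="$2"; main_gw="$3"
    cat > "$out" <<EOF
conn hub-to-main
    left=$local_gw
    leftsubnet=172.16.0.0/24
    right=$main_gw
    rightsubnet=0.0.0.0/0
    authby=secret
    auto=start
EOF
}

# Dry-run sanity check: how many rules the forwarding function would install.
count_rules() {
    IPT=echo ipsec_forward_rules "$1" "$2" | wc -l | tr -d ' '
}

# Apply for real only when explicitly asked: sh this_script.sh apply
if [ "${1:-}" = "apply" ]; then
    ipsec_forward_rules 192.0.2.10 eth0
fi
```

Run it once with IPT=echo to review the eight rules before applying them. The conn fragment is the hub half of the tunnel; the main-office gateway needs the mirror-image conn with left/right swapped, and the router that terminates the tunnel is the one that should carry these rules, as the mail says.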

