[Openswan Users] Non IANA ip ranges

Paul Wouters paul at xelerance.com
Fri Aug 6 18:40:54 EDT 2010

On Fri, 6 Aug 2010, Per Qvindesland wrote:

> Does anyone here know if ipsec will deny any clients that get's assigned a IP address of ie 172.2.2.x the user can log in but it is not possible to ping any machines on the network? but if the user gets a 192,168.100.1 or if I try with 10.0.0.X range the user can ping and surf the network, is this something that is known to be a problem with later versions of IPsec?

Openswan does not treat any range specifically. However, the default virtual_private= line in ipsec.conf
only contains RFC1918 address space for security reasons. If someone is NAT'ed using another range, you
might have to add that to virtual_private.


More information about the Users mailing list