[Openswan Users] Possible to move ipsec config to another host?

Jobst Schmalenbach jobst at barrett.com.au
Mon Dec 20 09:40:58 EST 2010

Thanks, Paul, very much appreciated.

The "left=192.." works with "left=%defaultroute" as well.

However, I had to keep the "leftnexthop=" as well ... I
can only *imagine* (I don't read much source code these days) that
because of the NAT in the modem

  236.X (internet interface) -- (modem port interface) -- (ETHX of the ipsec  gateway behind modem, DMZ'ed)

Ipsec had no idea how to route this, so specifying the next hop as the 
interface of the target machine would have "bridged" the mess of the 

But yes, it's working, thank you Paul.


On 12/20/2010 03:24 PM, Paul Wouters wrote:
> On Mon, 20 Dec 2010, Jobst Schmalenbach wrote:
>> What I did NOT think of is that the OLD network sits on OPTUS where the 
>> ETHX card is the PUBLIC IPADDRESS (optus modems run in bridge mode) 
>> while the new network sits on a network behind an ADSL router that has 
>> a DMZ, so the ETHX card is not (my static 
>> IP address provided by the ISP).
>> conn yorkstreet-2-barrett
>>  left=
> That should be left=
>>  leftsourceip=
>>  leftnexthop=
> leave these out.
> Paul
