[Openswan Users] Possible to move ipsec config to another host?

Paul Wouters paul at xelerance.com
Mon Dec 20 13:31:52 EST 2010

On Tue, 21 Dec 2010, Jobst Schmalenbach wrote:

> The "left=192.." works with "left=%defaultroute" as well.
> However, I had to keep the "leftnexthop=" as well ... I can only imagine (I don't read much source
> code these days) that because of the NAT in the modem

Since cannot be the default gateway of your 192.168.xxxx IP, that makes no sense.

>  236.X (internet interface) -- (modem port interface) -- (ETHX of the ipsec  gateway behind
> modem, DMZ'ed)
> Ipsec had no idea how to route this, so specifying the next hop as the interface of the target machine would have
> "bridged" the mess of the modem;-)

Then it seems to be the nexthop should be, not


More information about the Users mailing list