[Openswan Users] Old user having troubles with new techniques
Paul Wouters
paul at xelerance.com
Mon Jul 5 19:56:42 EDT 2010
On Mon, 5 Jul 2010, Larry Brown wrote:
>>> So close guys... Does anyone know how to dynamically set the leftsubnet
>>> value when the roadwarrior connects? I'm thinking this is my last
>>> hurtle here...
>>
>> rightsubnet=vnet:%priv
>>
>> You will need to use openswan 2.6.27 or 2.6.28dr*
>>
>> Paul
>
> Awesome! Thanks to everyone for the assistance. I should now be able
> to take the roadwarrior behind anyone's NAT and make connections in. I
> have not tested back outside of the NAT and am some distance from my
> test unit so I'll confirm tomorrow. However, in case someone else has
> this issue and follows this thread my final ipsec.conf looks like
> follows.
Wait? What?
For a regular roadwarrior, you set on the server side:
rightsubnet=vhost:%priv,%no
and on both client and server you have nat_traversal=yes and on the
server an appropriate virtual_private= line (see man ipsec.conf)
The vnet is only when you want to allow subnets to be attached without
preconfiguring, which I don't think you want to do (even though you asked
for that)
Paul
More information about the Users
mailing list