[Openswan Users] Client 2 Client without base network

Paul Wouters paul at xelerance.com
Mon Mar 15 15:38:30 EDT 2010

On Mon, 15 Mar 2010, [FnG] Lambik wrote:

> We have an internet server with only 1 physical interface and want to connect 4(or more) Clients (PCs/Laptops behind ADSL NAT routers) thru VPN to this
> internet server. There is no NAT on the internet server.
> Only to have a 'direct' connection between the 4 Clients, without hassle of portforwarding on the ADSL routers, no need to use services from the server
> (at this stage, maybe later on we do)
> The clients are windows based (XP and Win 7)
> The idea is to create a virtual interface with a private address(to simulate a LAN) on the internet server(either on the physical interface or just a
> loopback interface),
> I have seen many examples of LAN 2 LAN connection and Client to LAN, but none of them seem to work for me(I thought I should be okay with Client to LAN
> setup, but it didn't)
> What type of config would be the easiest to create and have the best chance of success?
> Can it be done without iptables or ipchains?

Set up an L2TP network using openswan+xl2tpd. Then you assign private IPs within one subnet,
and then the clients can talk to each other via point-to-point connections via the ipsec server.
I think you might not even need to configure a server IP for this, as pppd will put the
"local ip" from xl2tpd.conf on the individual pppX interfaces for each client.

L2TP is also supported on all standard Windows/OSX platforms, so this requires no additional
software to be installed on the clients.
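As an added example (not part of the thread, and not the openswan or xl2tpd project's own files), the script below writes the server-side configuration that the reply describes: an IPsec transport-mode policy for L2TP (UDP/1701) with NAT traversal enabled, an xl2tpd LNS that hands each client an address from one private pool and puts the same "local ip" on every pppX interface, the pppd options file, and the two secrets files. The public server address 203.0.113.10, the pool 10.99.99.0/24 with 10.99.99.1 as the server's local ip, PSK authentication and an openswan 2.6 NETKEY stack are all assumptions, not details from the original post. Two things the reply leaves implicit that matter in practice: client-to-client packets are ordinary IP forwarding between pppX interfaces on the server, so net.ipv4.ip_forward must be 1, and that traffic is only protected on each client-to-server leg (the server sees it in clear). Without any iptables rules every connected client can reach every other client's whole host, so the PSK and CHAP credentials are the only access control.

```shell
#!/bin/sh
# Added example: generate openswan + xl2tpd server configuration for NAT'd
# L2TP/IPsec clients that get addresses in one private subnet and reach each
# other through the server. Not from the original post or either project.
#
# Assumptions (not in the original post): public server IP 203.0.113.10,
# client pool 10.99.99.2-254 with server local ip 10.99.99.1, PSK auth,
# openswan 2.6.x with NETKEY. DEST_DIR stands in for /etc so the output can
# be previewed in a temporary directory first.
#
# Usage: write_l2tp_configs DEST_DIR SERVER_IP [PSK]

write_l2tp_configs() {
    dest="$1"
    server_ip="$2"
    # PSK from the caller, or 192 random bits as hex when omitted.
    psk="${3:-$(head -c 24 /dev/urandom | od -An -tx1 | tr -d ' \n')}"

    mkdir -p "$dest/ppp" "$dest/xl2tpd" "$dest/sysctl.d"

    # Transport-mode IPsec for L2TP from any client. nat_traversal=yes is what
    # lets clients behind ADSL NAT routers connect; rightsubnet=vhost:%priv
    # accepts a NAT'd client's private inner address from virtual_private,
    # which excludes our own VPN pool so no client can claim it.
    cat > "$dest/ipsec.conf" <<EOF
version 2.0

config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!10.99.99.0/24
    oe=off

conn l2tp-psk
    type=transport
    authby=secret
    pfs=no
    rekey=no
    keyingtries=3
    left=$server_ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%priv,%no
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear
    auto=add
EOF

    # One PSK shared by all clients; keep the file root-only.
    printf '%s %%any: PSK "%s"\n' "$server_ip" "$psk" > "$dest/ipsec.secrets"
    chmod 600 "$dest/ipsec.secrets"

    # xl2tpd LNS: every client gets an address from "ip range"; pppd places
    # "local ip" on each pppX interface, so no separate server VPN IP is needed.
    cat > "$dest/xl2tpd/xl2tpd.conf" <<EOF
[global]
listen-addr = $server_ip
port = 1701

[lns default]
ip range = 10.99.99.2-10.99.99.254
local ip = 10.99.99.1
require chap = yes
refuse pap = yes
require authentication = yes
name = vpnserver
pppoptfile = $dest/ppp/options.xl2tpd
length bit = yes
EOF

    # pppd options: MS-CHAPv2 (what XP/Win7 offer), no compression, an MTU
    # that leaves room for the L2TP/UDP/ESP overhead, and no default route
    # so the server's own routing is untouched.
    cat > "$dest/ppp/options.xl2tpd" <<EOF
ipcp-accept-local
ipcp-accept-remote
require-mschap-v2
noccp
auth
mtu 1410
mru 1410
nodefaultroute
lock
connect-delay 5000
EOF

    # Per-client CHAP credentials; one line per laptop, root-only file.
    cat > "$dest/ppp/chap-secrets" <<EOF
# client    server    secret            IP addresses
# laptop1   *         "<per-client-secret>"  *
EOF
    chmod 600 "$dest/ppp/chap-secrets"

    # Client-to-client traffic is forwarded between pppX interfaces, so
    # forwarding must be on (older distros: put this in /etc/sysctl.conf).
    printf 'net.ipv4.ip_forward = 1\n' > "$dest/sysctl.d/99-l2tp-forward.conf"
}

# Stand-alone use: write_l2tp_configs /etc 203.0.113.10 [PSK]
if [ $# -ge 2 ]; then
    write_l2tp_configs "$@"
fi
```

Preview the output with a temporary directory as DEST_DIR, then copy the files into /etc, restart ipsec and xl2tpd, and `ipsec verify` should report NAT-T support and no forwarding warning. Clients connect with the Windows built-in L2TP/IPsec dialer using the PSK plus their CHAP user; once two are up, `ip route` on the server shows one host route per client on its pppX interface, which is the path client-to-client packets take.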

