[Openswan Users] A few questions... I'd like to RTFM, but...
Troy Telford
ttelford.groups at gmail.com
Sat Sep 4 18:00:13 EDT 2010

I've been trying to figure out how to install Openswan (2.6.28) on a
Debian Linux system; I have the Openswan book, and have also looked
around online. My setup is intended to be a "road warrior" setup,
allowing others to connect securely to my LAN.

I've been setting it up to use certificates, and the book is most
helpful there; however, there are a few things that are still unclear to
me:

1.) How are 'internal' VPN'd IP addresses handled for a 'pure' IPsec
connection? So far, it seems that the 'internal' IP address needs to
be configured statically, and part of my brain refuses to accept that
static IP address assignment is the only option for pure IPsec... Is
there a mechanism for an internal IP address to be auto-assigned after
an IPsec connection is established?

2.) If I want to have 'nice' things automatically assigned to my VPN
clients via DHCP (like assigning an IP address, an internal DNS
server, etc.), is L2TP the only way to do it?

3.) In examples and in the mailing list archive, I keep seeing:

    rightsubnet=vhost:%no,%priv

I cannot find where the vhost: is documented; I'm curious about what
it's for, as well as the arguments it's providing. I certainly can't
find the documentation in 'man ipsec.conf'.

4.) This is mainly curiosity: The Openswan book has a chapter
dedicated to opportunistic encryption - just how commonly is OE used on
the internet at large? Since my site is merely a 'consumer' of data,
not a producer, is it likely that I'd end up using OE if I were to set
it up? Or would it be more of an academic exercise...

Thanks