[Openswan Users] Routing problem

Paul Wouters paul at xelerance.com
Mon Jan 24 09:35:38 EST 2011

On Sun, 23 Jan 2011, alet at librelogiciel.com wrote:

> As I described in a previous message I've got one very specific
> roadwarrior, for which I'd like to have xl2tpd+pppd always assign the
> same IP address. I've finally managed to make this work as well

> Now this very specific roadwarrior has to be a gateway for the whole
> subnet behind it, but as soon as I add "rightsubnet="

You can't at the IPsec level. L2TP is Transport Mode, not Tunnel
Mode. You cannot use L2TP in this matter. You have to set up a "pure"
IPsec connection (no l2tp) for this to work.

> The solution I've tried so far is to not define a "rightsubnet" line in
> this roadwarrior's ipsec.conf, but to create a script in
> /etc/ppp/ip-up.d/ on the VPN gateway which, when the PPP's PEERNAME
> environment variable matches this roadwarrior's username, creates the
> route to manually.

Using routing to your l2tp assigned IP is a clever way of doing it. I
don't think you can make it any better without redoing the IPsec
connection without l2tp.
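
The ip-up.d hook described in the quoted message, as an added example that is not part of the original thread. PEERNAME, IPREMOTE and IFNAME are variables pppd exports to ip-up; the file name, peer name, addresses and subnet are constructed placeholders.

```sh
#!/bin/sh
# /etc/ppp/ip-up.d/ hook (hypothetical file name: 50-roadwarrior-route).
# pppd exports PEERNAME (authenticated peer name), IFNAME and IPREMOTE
# to the ip-up environment. All values below are constructed placeholders.

GW_PEER="roadwarrior1"        # assumed PPP username of the gateway roadwarrior
GW_PEER_IP="192.0.2.10"       # assumed fixed address pppd assigns to it
GW_SUBNET="198.51.100.0/24"   # assumed subnet behind the roadwarrior

# Print the route command for this session, or nothing if the session
# is not the gateway roadwarrior. Returns 0 only when a route applies.
route_cmd() {
    peer=$1 remote=$2 ifname=$3
    [ "$peer" = "$GW_PEER" ] || return 1
    # Refuse if the peer did not get its fixed address: a route via an
    # unexpected address would send the subnet's traffic to the wrong host.
    [ "$remote" = "$GW_PEER_IP" ] || return 2
    # Interface name comes from pppd; accept only pppN.
    case $ifname in
        ppp|ppp*[!0-9]*) return 3 ;;
        ppp[0-9]*) ;;
        *) return 3 ;;
    esac
    echo "ip route replace $GW_SUBNET via $remote dev $ifname"
}

# Run only when pppd invoked us; PEERNAME is set only if the peer
# authenticated itself, so the match is meaningful only with auth required.
if [ -n "${PEERNAME:-}" ]; then
    cmd=$(route_cmd "$PEERNAME" "${IPREMOTE:-}" "${IFNAME:-}") && $cmd
fi
```

The kernel drops the route when the ppp interface goes away, so no matching ip-down.d hook is needed for cleanup.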

