[Openswan Users] config check/advice

Paul Wouters paul at xelerance.com
Thu Jul 7 10:12:58 EDT 2011

On Wed, 6 Jul 2011, Richard Pickett wrote:

> if you enable nat_traversal=yes on the server side, you generally want to fill in virtual_private=
> The example in the man page should work fine.
> My private net is, I'm only letting "Admins" get to it, so I'm setting it like this:
> virtual_private=%v:!

virtual_private is about what network the *clients* can be on behind NAT. It can be "Everything RFC1918
except the RFC1918 space you are using on the server side".

Note that you will also need a rigtsubnet=vhost:%no,%priv


More information about the Users mailing list