[Openswan Users] config check/advice
Paul Wouters
paul at xelerance.com
Thu Jul 7 10:12:58 EDT 2011
On Wed, 6 Jul 2011, Richard Pickett wrote:
>
> if you enable nat_traversal=yes on the server side, you generally want to fill in virtual_private=
> The example in the man page should work fine.
>
> My private net is 10.0.1.0/24, I'm only letting "Admins" get to it, so I'm setting it like this:
>
> virtual_private=%v:!10.0.1.0/24
virtual_private is about what network the *clients* can be on behind NAT. It can be "Everything RFC1918
except the RFC1918 space you are using on the server side".
Note that you will also need a rigtsubnet=vhost:%no,%priv
Paul
More information about the Users
mailing list