[Openswan Users] config check/advice
paul at xelerance.com
Thu Jul 7 10:12:58 EDT 2011
On Wed, 6 Jul 2011, Richard Pickett wrote:
> if you enable nat_traversal=yes on the server side, you generally want to fill in virtual_private=
> The example in the man page should work fine.
> My private net is 10.0.1.0/24, I'm only letting "Admins" get to it, so I'm setting it like this:
virtual_private is about what network the *clients* can be on behind NAT. It can be "Everything RFC1918
except the RFC1918 space you are using on the server side".
Note that you will also need a rigtsubnet=vhost:%no,%priv
More information about the Users