[Openswan Users] virtual_private exclude question

Simon Deziel simon at xelerance.com
Fri Jan 17 14:42:16 EST 2014


On 14-01-17 02:05 PM, Mike James wrote:
> I searched but didn’t see any answer / explanation of this. In my xl2tpd
> config for remote workers, I’ve used a different subnet to hand out IPs.
> Do I have to exclude that subnet in virtual_private declaration in
> ipsec.conf?
> 
> /etc/xl2tpd/xl2tpd.conf
> 
> [global]
>    ipsec saref = no
>    listen-addr = 192.168.1.250
> 
> [lns default]
>    ip range = 192.168.140.2-192.168.140.254
>    local ip = 192.168.140.1
>    refuse chap = yes
>    refuse pap = yes
>    require authentication = yes
>    ppp debug = yes
>    pppoptfile = /etc/ppp/options
>    length bit = yes
> 
> Should virtual_private exclude both 192.168.1.0/24 and 192.168.140.0/24?

Yes.

Simon



More information about the Users mailing list