You are right that conn roadwarrior is not needed if you do not want
to reach the VPN gateway itself:
Regards
Andreas
Adriano Nagelschmidt Rodrigues wrote:
>
> Hi,
>
> Maybe I didn't RTFM enough, sorry... I would like to make sure I
> understand the basics to be able to debug a failed attempt to build a
> VPN...
>
> Let's say I want to give roadwarriors access to the 192.168.42/24 net
> that lies behind masquerading gateway [A]. Host [B] in the DMZ is the
> VPN gateway.
>
> * Do I actually need two connection specifications, as in
>
> conn roadwarrior
>     right=%any
>
> conn roadwarrior-net
>     leftsubnet=192.168.42.0/255.255.255.0
>     right=%any
>
> Would the `roadwarrior-net' specification be enough, if the clients
> don't need to access host [B]?
>
> * Packets that leave the secure tunnel from [B] should be routed to
> [A]. [A] should send the replies back to [B], which in turn tunnels
> them back to the other end.
>
> How is this accomplished? Is [B] configured to SNAT packets coming
> out of the tunnel? Is it automatic or should I create the rules via
> iptables?
>
> Thanks,
>
> --
> Adriano
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
--
======================================================================
Andreas Steffen                   e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur    home:   http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland)  phone:  +41 76 340 25 56
===============================================================[ZHW]==
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:06 CEST