From: Mark Chesterfield (mchesterfield_at_agentissoftware.com)
Date: Mon Sep 02 2002 - 06:43:39 CEST
Hi,
This is a simplified view of our network structure:
Public Internet Private Network
(192.168.0.0/17 (USA)
+-------------+ +------------+ | +----------------+
| Roadwarrior | IPSEC | Freeswan | | | Lan Clients |
| W2K |===========| Gw & X509 |----|----| Lan Servers |
+-------------+ +------------+ | +----------------+
||
|| IPSEC
||
|
+-------------+ +------------+ | +----------------+
| Roadwarrior | IPSEC | Freeswan | | | Lan Clients |
| W2K |===========| Gw & X509 |----|----| Lan Servers |
+-------------+ +------------+ | +----------------+
(192.168.128.0/17) (AUS)
We're currently using the ipsec.exe tool from http://vpn.ebootis.de
for the w2k side.
My problem is that the Windows RoadWarriors end up with a public ip
address which is then not routed correctly over the VPN between
USA and AUS.
I've seen the new DHCP-over-IPsec info and I think this will address
the routing issue as it allows me to allocate a private address to
the windows client.
I've also seen posts in this mailing list that discuss getting
dhcprelay going with the SSH Sentinal product so that's a
possibility.
Will dhcprelay work with w2k using marcus's ipsec.exe ?
If so, are there examples around that show how this works ?
Are there other W2K/XP client possibilities apart from Sentinal
BTW, I'm aware that I can get around the problem by just creating
tunnels to each freeswan gateway. I'd prefer not to go down that
path.
-- Mark Chesterfield Email: mchesterfield_at_agentissoftware.com Agentis International Phone: +61 3 83412600 Level 2, 33 Lincoln Square South, Direct: +61 3 83412604 Carlton, Victoria, 3053, Australia Fax: +61 3 83412626_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.4 : Mon Sep 02 2002 - 09:19:56 CEST