Re: [Users] linux laptop to company vpn.

From: Geir Ove Øksnes (geir.oksnes_at_aicon.no)
Date: Fri Nov 22 2002 - 20:29:14 CET


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello
Thanks for the answer, but the vpn is working for the people on my lan
but NOT for me on the laptop. I'm not using the patch you are referring to.
Is this patch the solution for me?

Everything works just nice on the vpn except from the laptop that is the ipsec gw
to remote lan.

Best reg.
Geir Ove Oeksnes

On Friday 22 November 2002 20:20, Sam Sgro wrote:
> > Is it possible to make a linux laptop to work
> > with freeswan to a linux vpn freeswan? so it will be a part of the
> > network?
> >
> > I use the laptop at work in 10 different firms, and all firms have a
> > freeswan ipsec server. The laptop I have must be able to connect to all
> > locations, but not at once. This is for remote management of servers
> > etc.
> > All locations have a roadwarrior setup for this, but now I have to access
> > the network from a workstation in the network I'm in and use the laptop as
> > a gw.
>
> So, you need to access the remote network from a machine in your home
> network - "behind" your laptop, as opposed to your laptop itself.
>
> > Is there a patch for ipsec/freeswan that can fix my problem to ping from
> > ipsec gw to remote lan? I think that will solve my problem.
>
> You need to add your home network (or at least a /32 representing that
> workstation) as an "authorized" network to the tunnel. Currently, you've
> got a host-to-subnet tunnel defined - so your laptop can communicate with
> the remote subnets. You need to add a subnet-to-subnet tunnel for this to
> work.
>
> I presume you're using RSA keys or X.509 certificates for this endeavor; in
> that case, just make an additional connection, that specifically includes
> your id/cert, and that uses:
>
> right=%any
> rightsubnet=10.20.20.0/24 (or whatever your home IP range is.)
>
> Then, on the home network, make sure the workstation knows to use your
> laptop as gateway (for that remote IP range, at least).
>
> I suppose you could do some sort of complex iptables setup on the laptop,
> so that packets are MASQUERADEd before they ever reach the ipsec machinery.
> However, this is harder than it looks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE93oWOb/lSL1yQhnYRAv78AJ9w/XzwsZgLJ4pvXYWSXka+aXkLmwCdHqQi
1KfadBDQsVacJO3IaXsVRZg=
=+BdC
-----END PGP SIGNATURE-----

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
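
The additional connection described in the quoted reply, sketched as an added FreeS/WAN ipsec.conf fragment for the company gateway (an illustration, not configuration from either poster). Only right=%any and rightsubnet=10.20.20.0/24 come from the thread; conn names, addresses, IDs and key placeholders are constructed assumptions.

```conf
# /etc/ipsec.conf on the company gateway (FreeS/WAN syntax).
# Conn names, addresses and IDs below are constructed placeholders.

# Existing road-warrior conn: host-to-subnet.
# Authorizes only traffic sourced from the laptop's own address.
conn laptop-host
    left=192.0.2.1                  # gateway public IP (placeholder)
    leftsubnet=192.168.50.0/24      # company LAN (placeholder)
    leftid=@gw.example.com
    leftrsasigkey=<gateway public key>
    right=%any
    rightid=@laptop.example.com
    rightrsasigkey=<laptop public key>
    auto=add

# Added conn: subnet-to-subnet.
# Authorizes hosts behind the laptop, bound to the same laptop identity.
conn laptop-net
    left=192.0.2.1
    leftsubnet=192.168.50.0/24
    leftid=@gw.example.com
    leftrsasigkey=<gateway public key>
    right=%any
    rightid=@laptop.example.com
    rightrsasigkey=<laptop public key>
    # Range taken from the reply. Narrow it to a /32 to admit a single
    # workstation instead of the whole network the laptop sits in.
    rightsubnet=10.20.20.0/24
    auto=add

# The laptop needs the mirrored conn (its own side carrying the
# 10.20.20.0/24 subnet) and must forward packets between interfaces.
# The workstation needs a route to 192.168.50.0/24 via the laptop's
# LAN address, as the reply notes.
```

Because the laptop visits several client networks, the subnet in this conn decides which foreign hosts may reach the company LAN through the tunnel, so it should be as narrow as the task allows.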



This archive was generated by hypermail 2.1.5 : Sat Nov 23 2002 - 05:20:42 CET