From: Sam Sgro (sam_at_freeswan.org)
Date: Mon Nov 25 2002 - 03:58:08 CET
-----BEGIN PGP SIGNED MESSAGE-----
On Sun, 24 Nov 2002, Bjørn Rasmussen wrote:
> Can anybody provide an example-config. (ipsec.exe util/freeswan side) or
> doc. for this network-setup:
>
> w2k/xp-ipsec
> (priv.ip)<->(priv.ip)router(dyn.ip)<-internet->(pub.ip)frees/wan-fw-rout
> er(priv.ip)<->network(priv.ip)
>
> Typical: W2k home-user with adsl-modem and masqurading router delivered
> from the telephone company.
>
> I manage to get the w2k-client to work as an ordinary x.509 roadwarrior,
> but not from inside a home-network with masquerading router.
Make sure IPSec Passthrough is on on the ADSL masquerading router. Make a new
connection in ipsec.conf, just like your x.509 roadwarriors are right now, but
add the rightsubnet parameter to be the non-routeable IP of the Roadwarrior.
(ie, if the W2k home user was given an IP of 192.168.20.120 by its router, the
new connection should use "rightsubnet=192.168.20.120/32")
You can also set a range of non-routeable IPs that are allowed by Roadwarrior
connections; search the x.509 Installation and Configuration guide for
"rightsubnetwithin":
http://www.strongsec.com/freeswan/install.htm
- --
Sam Sgro
sam_at_freeswan.org
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
Comment: For the matching public key, finger the Reply-To: address.
iQCVAwUBPeGRwUOSC4btEQUtAQFJJwP9GlY7zt1lJEXjzls7ZLi5hpV9JwlgMYBp
FEfc4Y1VIULGzVRduxSgqhgnTpDzxJZ3NtgUhHfWWmEuUiryYe9vZcnpFzZ+DtDW
Ov2JXMaKBzSNPmaiNFjnQnnG+W6FIKWxnOz94kmzJXc58KaJ4UpfC6u/yX0FDabg
9bM87F04A2Q=
=Ku4v
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Tue Nov 26 2002 - 05:20:48 CET