[strongSwan] Home network config

Fri Feb 19 13:29:54 CET 2010

Hi Razza,

you need to setup your DSL/NAT Router to forward UDP datagrams destined 
for ports 500 and 4500 to your strongSwan box.
You said that you want to allocate IP addresses for road warriors inside 
the 192.168.10.0/24 range. This could be difficult to achieve. Can you 
waive this requirement and come up with a separate IP prefix for road 
warriors? Like 10.x.y.0/24? This would make things much easier.

I'm using this kind of setup for Win7 clients. Which IPsec client 
software do you want to use on Windows XP?

-Daniel

Razza wrote:
> Hi all, I’m new to the list and am looking for a bit of advice. I’ve looked
> around but can’t find any examples close to what I want to achieve, probably
> because it’s flawed from a purists security view point. Anyway, I want to
> use strongSwan in a home network environment, mainly so I can access home
> network machines whilst I’m away. E.g. ssh to my asterisk server, RDP/VNC to
> my partners machine etc.
> 
> 
> 
> My network is as follows –
> 
> 
> 
> 192.168.10.0/24 -- | 192.168.10.1 | | Dynamic RIPE IP | -- Internet
> 
>   Home Network     |  Inside i/f  | |   Outside i/f   |
> 
>                    |         DSL/NAT Router           |
> 
> 
> 
> As I only have a single RIPE address on my DSL, I intend to port forward
> necessary ports to a single interface on my strongSwan box.
> 
> My strongSwan box will have an address in the range 192.168.10.0/24. I would
> prefer to have a singe physical interface if possible, but could have two.
> 
> When I connect from an internet connected machine (soon Win7, currently XP),
> I would like to be allocated a virtual IP in the range of my home network (
> 192.168.10.0/24).
> 
> 
> Is this possible?
> _______________________________________________
> Users mailing list
> Users at lists.strongswan.org
> https://lists.strongswan.org/mailman/listinfo/users