[strongSwan] Home network config

Razza razza30 at gmail.com
Fri Feb 19 13:52:58 CET 2010 

Hi Daniel,
I was thinking of the bundled L2TP/IPsec client, I don't mind paying for a
VPN client if there are better/more flexible options. If the client is over
£30 ($40) I would rather just buy Win 7.
I am happy with a different range, say 192.168.1.0/24 for the VPN users.

Kind regards,


On 19 February 2010 12:29, Daniel Mentz <
danielml+mailinglists.strongswan at sent.com<danielml%2Bmailinglists.strongswan at sent.com>
> wrote:

> Hi Razza,
>
> you need to setup your DSL/NAT Router to forward UDP datagrams destined for
> ports 500 and 4500 to your strongSwan box.
> You said that you want to allocate IP addresses for road warriors inside
> the 192.168.10.0/24 range. This could be difficult to achieve. Can you
> waive this requirement and come up with a separate IP prefix for road
> warriors? Like 10.x.y.0/24? This would make things much easier.
>
> I'm using this kind of setup for Win7 clients. Which IPsec client software
> do you want to use on Windows XP?
>
> -Daniel
>
>
> Razza wrote:
>
>> Hi all, I’m new to the list and am looking for a bit of advice. I’ve
>> looked
>> around but can’t find any examples close to what I want to achieve,
>> probably
>> because it’s flawed from a purists security view point. Anyway, I want to
>> use strongSwan in a home network environment, mainly so I can access home
>> network machines whilst I’m away. E.g. ssh to my asterisk server, RDP/VNC
>> to
>> my partners machine etc.
>>
>>
>>
>> My network is as follows –
>>
>>
>>
>> 192.168.10.0/24 -- | 192.168.10.1 | | Dynamic RIPE IP | -- Internet
>>
>>  Home Network     |  Inside i/f  | |   Outside i/f   |
>>
>>                   |         DSL/NAT Router           |
>>
>>
>>
>> As I only have a single RIPE address on my DSL, I intend to port forward
>> necessary ports to a single interface on my strongSwan box.
>>
>> My strongSwan box will have an address in the range 192.168.10.0/24. I
>> would
>> prefer to have a singe physical interface if possible, but could have two.
>>
>> When I connect from an internet connected machine (soon Win7, currently
>> XP),
>> I would like to be allocated a virtual IP in the range of my home network
>> (
>> 192.168.10.0/24).
>>
>>
>> Is this possible?
>> _______________________________________________
>> Users mailing list
>> Users at lists.strongswan.org
>> https://lists.strongswan.org/mailman/listinfo/users
>>
>
>

More information about the Users mailing list