In trying to set up a VPN for my office, we seem to have come into an 
interesting network arrangement where plain-old-ipsec doesn't seem to complete 
the job.  The basic situation is the network has 2 gateways: one is a 
SonicWall device, the other a basic gateway.  Connecting to the network via 
the SonicWall happens easily with FreeSWAN or just about any other IPSec 
implementation.  The problem is when this connection is made, the client is 
not given an IP on the private network.  Whatever device they talk to sees 
the client's public IP. Since many of our servers do not have their gateway 
set to the SonicWall device, the packets' return trip is a different route, 
which never completes. The solution is to make the packets source route back 
to the SonicWall in some way; the way most obvious to me is to give the 
client an IP on the private network after connecting.  Since the IPSec 
standard does not define a method to do this, I figured PPPoE or PPTP would 
be a good choice.  The basic steps would be:

1. Connect to VPN
2. Connect to PPPoE (or PPTP) server to get a private network address.

The problem I see with this is the routing on the client end.  When FreeSWAN 
is set up, it sets up a weird route to the ipsec0 device for that network. If 
you now had a ppp interface on that network, how would this work? Is this the 
right solution, or is there a better way?

Jay


-- 
Jay Kline
http://www.slushpupie.com

