Differences

This shows you the differences between two versions of the page.

doc:howto:vpn.ipsec.roadwarrior.racoon [2013/01/14 20:05]
birnenschnitzel
doc:howto:vpn.ipsec.roadwarrior.racoon [2014/03/27 03:15] (current)
jaf323
Line 1: Line 1:
====== IPSec Road Warrior Configuration ====== ====== IPSec Road Warrior Configuration ======
 +| For an overview over all existing Virtual private network (VPN)-related articles in the OpenWrt wiki, please visit [[doc/howto/vpn.overview]] |
:!: This page is about racoon. The new strongwang documentation can be found [[vpn.ipsec.roadwarrior|here]]. :!: This page is about racoon. The new strongwang documentation can be found [[vpn.ipsec.roadwarrior|here]].
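Review bot: the wording of the added banner row is awkward ("an overview over all existing Virtual private network (VPN)-related articles"); something like "For an overview of all VPN-related articles in the OpenWrt wiki, see [[doc/howto/vpn.overview]]" reads better. The new link also uses a slash-separated path, while the page ids shown for this wiki are colon-separated (doc:howto:...) and the neighbouring link uses the short relative form [[vpn.ipsec.roadwarrior|here]], so please confirm it resolves. The unchanged line right below still says "strongwang", which looks like a typo for strongSwan and could be fixed in the same edit.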
Line 14: Line 14:
  * To make it not too easy we once again want to provide access to two different company networks. ACME LAN with addresses 10.1.2.0/24 and ACME DMZ with 66.77.88.192/26.   * To make it not too easy we once again want to provide access to two different company networks. ACME LAN with addresses 10.1.2.0/24 and ACME DMZ with 66.77.88.192/26.
-  * A laptop that connects to a VPN network is assigned a "secondary VPN inside IP" on a virtual VPN adapter. Our roadwarriors should get IP addresses from the range 192.0.2.0/24. This way they can reach the normal outside network when using the primary network adapter and the company network through their virtual address 192.0.2.X. In case you are not familiar with private IP address ranges you should have look in [[http://en.wikipedia.org/wiki/IPv4|Wikipedia]]. If you are in the wild your laptop very often gets DHCP addresses from the most common private networks (10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16). To avoid routing conflicts between the locally connected and the VPN network this special test network has proven to be the best choice for VPN configurations.+  * A laptop that connects to a VPN network is assigned a "secondary VPN inside IP" on a virtual VPN adapter. Our roadwarriors should get IP addresses from the range 192.0.2.0/24. This way they can reach the normal outside network when using the primary network adapter and the company network through their virtual address 192.0.2.X. (*NOTE* that this is inherently INSECURE, because it opens up the possibility of using the laptop as a bridge from the wild to your internal network. A more secure practice is to pass ALL traffic through the VPN when connected, thus giving the laptop the benefit of any firewall/proxy support on the other side.) In case you are not familiar with private IP address ranges you should have look in [[http://en.wikipedia.org/wiki/IPv4|Wikipedia]]. If you are in the wild your laptop very often gets DHCP addresses from the most common private networks (10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16). To avoid routing conflicts between the locally connected and the VPN network this special test network has proven to be the best choice for VPN configurations.
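Review bot: the added "(*NOTE* ...)" parenthetical recommends passing ALL traffic through the VPN, but the sentence it was inserted after, and the rest of the bullet, still describe and justify the split setup (outside network via the primary adapter, company network via 192.0.2.X), and nothing in this hunk says how to get the full-tunnel behaviour with racoon. As written, the reader is told the documented configuration is insecure without being given the alternative. Suggest moving the warning out of the middle of the paragraph into its own notice (the page already uses the :!: marker for that), stating the risk precisely (a road warrior that is reachable from, or compromised on, the local network can relay traffic into ACME LAN/DMZ), and either adding the full-tunnel configuration or linking to where it is described. Also, "*NOTE*" is not DokuWiki emphasis; use **NOTE** if bold is intended.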

doc/howto/vpn.ipsec.roadwarrior.racoon.1358190301.txt.bz2 · Last modified: 2013/01/14 20:05 by birnenschnitzel