[Swan] libreswan/racoon interoperability problem with NAT-T
Paul Wouters
paul at nohats.ca
Mon Apr 24 03:22:01 UTC 2017
On Tue, 18 Apr 2017, Xinwei Hong wrote:
> Thank you Paul. It's finally working now. One more question, is the virtual_private required? When I omit it, things are still working in my setting. What's the default behavior when it's
> missing? I cannot find it in the man page of ipsec.conf.
virtual_private= is used to populate a variable %vhost. This can then
later be used, e.g.:
rightsubnet=vhost:%priv,%no
This is used to limit the IP of clients behind NAT that can be used,
although it is not used when the client is given an IP by the server,
or if the client has a subnet/mask that it is expected to use.
It is only used for IKEv1 and mostly for L2TP/IPsec.
Paul
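
An ipsec.conf fragment showing where the two settings discussed above sit relative to each other (an added example, not part of the original message or of the poster's configuration). The connection name, the 192.0.2.1 address and the excluded 10.1.0.0/16 server LAN are constructed placeholders.

```conf
# Added illustration; all addresses and names below are constructed.
config setup
    # Address ranges that NATed clients may claim as their inner address.
    # A "!" entry excludes a range; here the (assumed) server-side LAN
    # 10.1.0.0/16 is carved out so a remote client cannot claim an
    # address that belongs to the server's own network.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.1.0.0/16

# L2TP/IPsec responder for roaming clients behind NAT. This is an IKEv1
# setup; select IKEv1 with the option your libreswan version provides.
conn l2tp-psk-nat
    authby=secret
    type=transport
    left=192.0.2.1
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    # %priv: accept a client behind NAT only if its inner address falls
    #        inside the virtual_private= list defined above.
    # %no:   also accept a client that is not behind NAT.
    rightsubnet=vhost:%priv,%no
    auto=add
```

After editing, `ipsec addconn --checkconfig` parses the file and reports syntax errors before the service is restarted.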