On Wednesday 06 November 2002 11:42, Chris Price wrote: > > I have working configurations for ipsec 'road warriors' > > connecting via SSH Sentinel. What I would like to do is be able > > to have a dhcp assigned address from my internal subnet assigned to > > these 'road warrior' connections when they conect via ipsec. > > OK, to clarify, I'd like to assign a 'virtual ip' via the SSH > Sentinel software functionality to a ipsec'd roadwarrior client. > > The biggest issue I have is when my users VPN in, they can browse > internal network pieces, but cannot browse external > websites/resources. They are essentially demanding that I provide > external resource access while they are connected via ipsec.
This sounds as if the road-warrior boxes are actually changing their ip addresses instead of using the "virtual ip" for only the ipsec traffic. I can't say that I've ever ran into this, so we'll need the exact configuration options you are using on the client/server or you can choose to thoroughly read the FreeS/WAN documentation on this and locate the problem yourself. I would bet on the routing table being wrong (ie.... the virtual ip becomes the default route), but that is a WAG based on lack of information to work with. -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
