In trying to set up a VPN for my office, we seem to have come into an interesting network arrangement where plain-old-IPsec doesn't seem to complete the job.

The basic situation is the network has 2 gateways: one is a SonicWall device, the other a basic gateway. Connecting to the network via the SonicWall happens easily with FreeSWAN or just about any other IPsec implementation. The problem is when this connection is made, the client is not given an IP on the private network. Whatever device they talk to sees the client's public IP. Since many of our servers do not have their gateway set to the SonicWall device, the packets' return trip is a different route, which never completes.

The solution is to make the packets source route back to the SonicWall in some way; the way most obvious to me is to give the client an IP on the private network after connecting. Since the IPsec standard does not define a method to do this, I figured PPPoE or PPTP would be a good choice. The basic steps would be:

1. Connect to VPN
2. Connect to PPPoE (or PPTP) server to get a private network address.

The problem I see with this is the routing on the client end. When FreeSWAN is set up, it sets up a weird route to the ipsec0 device for that network. If you now had a ppp interface on that network, how would this work?

Is this the right solution, or is there a better way?

Jay

--
Jay Kline
http://www.slushpupie.com

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list