hi, <br><br>i am having issues setting up a vpn through routers on both ends. this has been working for months on a LAN but now i would like to have remote capabilities to my parents house. it might just be a concept problem that maybe somebody can help me understand why it wont work. <br>
<br>to make this easier, i have a link to a picture of the network:<br><a href="http://i76.photobucket.com/albums/j24/the_genrl/openswan/HWN_vpn_setup_v1_3jan2009.png">http://i76.photobucket.com/albums/j24/the_genrl/openswan/HWN_vpn_setup_v1_3jan2009.png</a><br>
<br>computers "left" and "right" are computers running the same version of openswan.<br>Linux Openswan U2.6.22/K2.6.31-14-generic (netkey)<br><br>"router a" runs smoothwall express 3.0, has udp ports 500, 4500 forwarded to "left" <br>
"route b" is just a configurable one-port-in-one-port-out modem, so it kinda needs to be there.<br>"router c" runs smoothwall express 3.0, has udp ports 500, 4500 forwarded to "right"<br><br>
when configuring ipsec.conf, i noticed "left=" and "right=" would have to be class c type address and was worried they wouldn't make it through the internet. <br><br>### start ipsec.conf ###<br><br>
version 2.0 # conforms to second version of ipsec.conf specification<br><br>config setup<br> nat_traversal=yes<br> oe=off<br> protostack=netkey<br> interfaces=%defaultroute<br>
<br>
conn %default<br>
authby=rsasig<br>
<br>
conn test123<br>
type=tunnel<br>
left=192.168.1.200<br>
leftrsasigkey=0sAQOoWg...<br>
right=192.168.98.200<br>
rightrsasigkey=0sAQNqp5...<br>
auto=start<br><br>### end ipsec.conf ###<br><br>are there configuration parameters to ensure the isakmp messages can be routed properly through the nat routers on both sides? i am a stuck with "if this can work, how will it work?" maybe if there is a way to let, lets say, "left" have a the global ip with a specific port(s). that sounds more like a router issue though. <br>
<br><br><br><br>please be kind i am relatively new to openswan and using ipsec.<br><br>thanks for your time,<br><br>-dave<br>