I have a double NAT setup, and I'm trying to bridge two sides - a local and a remote - of the same subnet via Openswan and Proxy ARP. Yes, it's goofy. :)<div><br></div><div>Here's a rough diagram of the setup:</div>
<div><br></div><div>[ local network ] -> [ local openswan ] -> campus network NAT -> Internet</div><div>Internet -> [ remote openswan / firewall ] -> remote network NAT -> [ remote network ]</div><div><br>
</div><div>I can get everything to work, and with Proxy ARP, I can establish communication between the local and remote networks. However, I lose my connection after some time - most recently it lasted 45 hours. </div><div>
<br></div><div>What I'm looking for is for this connection to be up 24/7. I can probably write a Perl script to bring up the connection if it goes down, but I'd rather keep the connection up.</div><div><br></div><div><br>
</div><div>local ipsec.conf:</div><div><br></div><div><div>config setup</div><div> protostack=netkey</div><div><br></div><div>conn L2TP-PSK-CLIENT</div><div> authby=secret</div><div> pfs=no</div><div>
rekey=yes</div><div> keyingtries=3</div><div> type=transport</div><div> left=%defaultroute</div><div> leftprotoport=17/1701</div><div> right=X.X.19.22 </div><div> rightprotoport=17/1701</div>
<div> auto=add</div></div><div><br></div><div>remote ipsec.conf:</div><div><br></div><div><div>config setup</div><div> oe=off</div><div> protostack=netkey</div><div> nat_traversal=yes</div><div><br></div><div>
conn L2TP-PSK-NAT</div><div> rightsubnet=vhost:%no</div><div> also=L2TP-PSK-noNAT</div><div><br></div><div>conn L2TP-PSK-noNAT</div><div> authby=secret</div><div> pfs=no</div><div> auto=add</div><div> keyingtries=3</div>
<div> rekey=no</div><div> ikelifetime=8h</div><div> keylife=1h</div><div> type=transport</div><div> left=X.X.19.22</div><div> leftprotoport=17/1701</div><div> right=%any</div><div> rightprotoport=17/%any</div>
</div><div><br></div><div><br></div><div><br clear="all"><div><br></div>-- <br><div><span>-</span></div><span>Kit</span> <span>Peters</span> (W0KEH), Engineer II<br>
KMOS TV Channel 6 / KTBG 90.9 FM<br>
University of Central Missouri<br>
<a href="http://kmos.org/" target="_blank">http://kmos.org/</a> | <a href="http://ktbg.fm/" target="_blank">http://ktbg.fm/</a><br>
</div>