[Openswan dev] Re: [Users] routing problem with NAT?
Nate Carlson
natecars at natecarlson.com
Tue Mar 16 09:14:27 CET 2004
On Tue, 16 Mar 2004, pi wrote:
> Correct, I use this patch. kernel 2.4.25
>
> Mar 15 23:21:34 moulinsart pluto[22523]: including NAT-Traversal patch (Version 0.6b)
>
> Ok, so what is the objective of NAT-T patch ?
AFAIK, it's to allow roadwarriors behind a NAT gateway to connect to a
IPSec server, and the networks behind it. You use the Xsubnet= to specify
what internal IP address the NAT'd box is using, and I'm fairly certain
there's not a way to also have a subnet behind it, without doing something
exotic like gre tunnels over the ipsec link.
> Enclosed, you'll find the configuration including both ipsec.config Can
> someone explain to me what addresses to put in ipsec.config for
> moulinsart (behind NAT)
You won't be able to specify the local subnet. So, on the moulinsart side,
you'll need to remote 'leftsubnet' (for the local network); and on the
patty side, you'll need to change 'rightsubnet' to the internal NAT
address of moulinsart.
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
More information about the Dev
mailing list