[Openswan dev] Re: [Users] routing problem with NAT?

Nate Carlson natecars at natecarlson.com
Tue Mar 16 09:14:27 CET 2004

On Tue, 16 Mar 2004, pi wrote:
> Correct, I use this patch. kernel 2.4.25
> Mar 15 23:21:34 moulinsart pluto[22523]:   including NAT-Traversal patch (Version 0.6b)
> Ok, so what is the objective of NAT-T patch ?

AFAIK, it's to allow roadwarriors behind a NAT gateway to connect to a 
IPSec server, and the networks behind it. You use the Xsubnet= to specify 
what internal IP address the NAT'd box is using, and I'm fairly certain 
there's not a way to also have a subnet behind it, without doing something 
exotic like gre tunnels over the ipsec link.

> Enclosed, you'll find the configuration including both ipsec.config Can
> someone explain to me what addresses to put in ipsec.config for
> moulinsart (behind NAT)

You won't be able to specify the local subnet. So, on the moulinsart side,
you'll need to remote 'leftsubnet' (for the local network); and on the
patty side, you'll need to change 'rightsubnet' to the internal NAT
address of moulinsart.

| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |

More information about the Dev mailing list