[Openswan Users] NAT not needed on both sides

Marcel J.E. Mol marcel at mesa.nl
Tue Apr 6 12:30:01 CEST 2004

On Tue, Apr 06, 2004 at 12:34:50AM +0100, Tiago Freitas Leal wrote:
> On http://wiki.openswan.org/index.php/Firewalls it says:
> [quote]
> If you are NATing (Network Address Translation) the traffic on one, or both sides, you will need to make sure you have NATTraversal support on both gateways.
> [unquote]
> I tried to connect computer A (not NATed) and computer B (NATed). I was using SFS 1.99.8. NAT traversal was enabled on both sides. Connection failed until I disabled NAT traversal on one side:
>  - I disabled it on computer A (not NATed), enabled it on the other side and it worked.
>  - I disabled it on computer B (NATed), enabled it on the other side and it worked.

Same here: openswan 1.0.2 on a non-NATed hostA and NATed hostB.
When nat_traversal=yes on both hosts the connection fails.
When nat_raversal=no on hostB it works fine.

I have not completely determined this yet for a windows XP machine as hostB, but 
so far the connection it seems to work fine on a plain winxp machine using
the vpn.bootis.de tool. (e.g. without service pack 1). So without NAT support
on the windows side, which is added with service pack 1 I believe (can anyone
confim this last statement?)


     ======--------         Marcel J.E. Mol                MESA Consulting B.V.
    =======---------        ph. +31-(0)6-54724868          P.O. Box 112
    =======---------        marcel at mesa.nl                 2630 AC  Nootdorp
__==== www.mesa.nl ---____U_n_i_x______I_n_t_e_r_n_e_t____ The Netherlands ____
 They couldn't think of a number,           Linux user 1148  --  counter.li.org
    so they gave me a name!  -- Rupert Hine  --  www.ruperthine.com

More information about the Users mailing list