[Openswan Users] NAT not needed on both sides
Marcel J.E. Mol
marcel at mesa.nl
Tue Apr 6 12:30:01 CEST 2004
On Tue, Apr 06, 2004 at 12:34:50AM +0100, Tiago Freitas Leal wrote:
> On http://wiki.openswan.org/index.php/Firewalls it says:
>
> [quote]
> If you are NATing (Network Address Translation) the traffic on one, or both sides, you will need to make sure you have NATTraversal support on both gateways.
> [unquote]
>
> I tried to connect computer A (not NATed) and computer B (NATed). I was using SFS 1.99.8. NAT traversal was enabled on both sides. Connection failed until I disabled NAT traversal on one side:
> - I disabled it on computer A (not NATed), enabled it on the other side and it worked.
> - I disabled it on computer B (NATed), enabled it on the other side and it worked.
Same here: openswan 1.0.2 on a non-NATed hostA and NATed hostB.
When nat_traversal=yes on both hosts the connection fails.
When nat_traversal=no on hostB it works fine.
I have not completely determined this yet for a Windows XP machine as hostB, but
so far the connection seems to work fine on a plain winxp machine using
the vpn.bootis.de tool. (e.g. without service pack 1). So without NAT support
on the Windows side, which is added with service pack 1 I believe (can anyone
confirm this last statement?)
Thanks,
-Marcel
--
======-------- Marcel J.E. Mol MESA Consulting B.V.
=======--------- ph. +31-(0)6-54724868 P.O. Box 112
=======--------- marcel at mesa.nl 2630 AC Nootdorp
__==== www.mesa.nl ---____U_n_i_x______I_n_t_e_r_n_e_t____ The Netherlands ____
They couldn't think of a number, Linux user 1148 -- counter.li.org
so they gave me a name! -- Rupert Hine -- www.ruperthine.com