[Openswan Users] defining connection

giovanni.m at agilemovement.it giovanni.m at agilemovement.it
Fri Jun 18 08:10:01 CEST 2004


"John A. Sullivan III" <john.sullivan at nexusmgmt.com> said:

> On Thu, 2004-06-17 at 08:28, giovanni.m at agilemovement.it wrote:
> > Ciao,
> > 
> > I'm using superfreeswan with nat-t to connect two servers using
> > certificate-based authentication. It works very well from location A to
> > location B, meaning that from A I can reach clients behind B. I can not get
> > from B to clients behind the gateway A.

> However, I am surprised this is working at all.  As far as I know,
> OpenSWAN provides a NAT-T gateway but not a NAT-T client.  How does B
> find A across the Internet if A has an address of 192.168.0.1? I know B
> is set to %any so it will accept the packet from the NAT address of A
> but I would think the tunnel end point definitions will not match.  Are
> you testing on a local network rather than across the Internet? Then
> again, perhaps something has changed as I have not stayed current with
> *swan development for a while.

OK. You're right on this. I don't think I can go from B to A. I was trying to
do the impossible.

A to B continues to work perfectly, of course.

Giovanni


