[Openswan Users] Help with WinXP behind NAT as client

Nate Carlson natecars at natecarlson.com
Fri Mar 26 09:25:40 CET 2004

On Fri, 26 Mar 2004, Leonard Tulipan wrote:
> conn roadwarrior
>         right=%any
>         rightcert=RoadWarrior1Cert.pem
>         rightsubnet=
>         left=%defaultroute
>         auto=add
>         pfs=yes

Why the rightsubnet= Is the box behind a NAT gateway?

If so, you'll probably want to turn nat_traversal on, and configure the 
rightsubnet=%vhost/rightsubnetwithin settings.

Also, you don't need to specify rightcert, as long as the client 
certificate has been signed by the CA cert that you have configured.

| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |

More information about the Users mailing list