[Openswan Users] [Fwd: Openswan and NAT on "both ends"]
Mark Frost
mfrost at westnet.com
Wed May 12 22:25:19 CEST 2004
Hello. I'm trying to get the following setup working using Openswan:

     192.168.1.0/24 roadwarrior net
                   |
                   |
                   |
       Linksys router (doing NAT)
                   ||
                   ||
                   ||
                Internet
                   ||
                   ||
========================================
||                                    ||
||                                    ||
OpenSwan 2.1.2rc4          NexLan router
gateway                               |
|                                     |
|                                     |
----------------------------------------
                   |
                   |
       172.16.0.0/16 internal net

I'm not sure how much sense this drawing makes but essentially, there
are two paths from the Internet into the 172.16.0.0/16 subnet for
redundancy. I believe that the NAT is actually being done only on the
NexLan router side. That is, the OpenSwan gateway does not do NAT, but
rather has an external and an internal ethernet interface. I'm also not
positive, but I believe that hosts on the 172.16.0.0 subnet have a
default route that goes back through the NexLan box.
The important thing here is that the networks on both ends are NAT'd.
Is this even possible? I've brought up a connection from a Linux host
on the roadwarrior network side, but if I try to ping any host on the
172.16.0.0 subnet (with the exception of the internal interface on the
gateway), pings don't go through and I'm suspecting a routing issue.
I saw something that seemed to say that L2TP might be the only way to
solve this, however, it kinda looks like L2TP is only for Windows
boxes. Or at least, I haven't seen information about running L2TP with
a Linux client. I have both Linux and Windows clients on the roadwarrior
network side that need to connect to the 172.16.0.0 subnet.
I've invested a lot of time up to this point in trying to understand
FreeSwan/OpenSwan and the further I go, the more I see where I might
have problems. What I'm really trying to understand at this point, is
if this is even possible to do and if so, what method I need to take to
get this working.
Thanks
Mark