[Openswan Users] [Fwd: Openswan and NAT on "both ends"]

Mark Frost mfrost at westnet.com
Wed May 12 22:25:19 CEST 2004


Hello.  I'm trying to get the following setup working using Openswan:


             192.168.1.0/24  roadwarrior net
                            |
                            |
                            |
                 Linksys router (doing NAT)
                            ||
                            ||
                            ||
                          Internet
                            ||
                            ||
        ========================================
       ||                                     ||
       ||                                     ||
OpenSwan 2.1.2rc4                        NexLan router
    gateway                                   |
       |                                      |
       |                                      |
       ----------------------------------------
                          |
                          |
                172.16.0.0/16 internal net


I'm not sure how much sense this drawing makes but essentially, there 
are two paths from the Internet into the 172.16.0.0/16 subnet for 
redundancy.  I believe that the NAT is actually being done only on the 
NexLan router side.  That is, the OpenSwan gateway does not do NAT, but 
rather has an external and an internal ethernet interface.  I'm also not 
positive, but I believe that hosts on the 172.16.0.0 subnet have a 
default route that goes back through the NexLan box.

The important thing here is that the networks on both ends are NAT'd.  
Is this even possible?  I've brought up a connection from a linux host 
on the roadwarrior network side, but if I try to ping any host on the 
172.16.0.0 subnet (with the exception of the internal interface on the 
gateway), pings don't go through and I'm suspecting a routing issue.

I saw something that seemed to say that L2TP might be the only way to 
solve this, however, it kinda looks like L2TP is only for Windows 
boxes.  Or at least, I haven't seen information about running L2TP with 
a Linux client.  I have both Linux and Windows clients on the roadwarrior
network side that need to connect to the 172.16.0.0 subnet.

I've invested a lot of time up to this point in trying to understand 
FreeSwan/OpenSwan and the further I go, the more I see where I might 
have problems.  What I'm really trying to understand at this point is 
if this is even possible to do and, if so, what method I need to take to 
get this working.

Thanks

Mark
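For readers working through the same topology, here is an added sketch of an Openswan 2.1.x ipsec.conf for the layout in the mail above; it is not from the post or the list, and the public address 203.0.113.10, the connection name and the PSK authentication are assumptions.

```ini
# Added example, not from the list post. Openswan 2.1.x ipsec.conf sketch for
# the topology in the mail; the public address and conn name are placeholders.
version 2.0

config setup
    interfaces=%defaultroute
    # Both ends sit behind NAT, so NAT-Traversal (UDP/4500) must be enabled.
    nat_traversal=yes
    # Private ranges a NAT'd roadwarrior may present as its own address.
    # The internal 172.16.0.0/16 is excluded so no remote peer can claim it.
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!172.16.0.0/16

conn roadwarrior-nat
    # Openswan gateway: public side (assumed address), internal 172.16.0.0/16.
    left=203.0.113.10
    leftsubnet=172.16.0.0/16
    leftnexthop=%defaultroute
    # Roadwarrior behind the Linksys NAT: its address is not known in advance,
    # and its private 192.168.1.x address is accepted via virtual_private.
    right=%any
    rightsubnet=vhost:%no,%priv
    authby=secret
    pfs=yes
    auto=add

# Routing note (assumption, matching the suspicion in the mail): if hosts on
# 172.16.0.0/16 default-route via the NexLan box, replies to 192.168.1.x never
# reach the Openswan gateway. The NexLan router (or each host) needs a route
# for 192.168.1.0/24 pointing at the gateway's internal interface.
```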


