[Openswan Users] VPN Server behind NAT

Jacco de Leeuw jacco2 at dds.nl
Fri Apr 1 20:54:46 CEST 2005


Glenn MacGregor wrote:

> I have an OpenSWAN server for roadwarrior (l2tp-ipsec) setup.
> I want to move it behind my firewall (DMZ) and set up a static NAT rule to give
> it a public address.

This is not yet fully supported. You will have to wait for Openswan 2.3.1
or apply an experimental patch by Bernd Galonska:
http://www.jacco2.dds.nl/networking/patches/openswan-NATserver.patch

> O=HighStreet Networks, CN=vpnserver]:17/0...216.204.76.253[C=US,
                                        ^^^^
This should have been 17/1701. It means that your Windows 2000/XP client
is lacking NAT-Traversal support.

Either install update Q818043 or apply SP2 if you are using XP.
Note that if you install SP2 you will also need to tweak a registry setting:
http://www.jacco2.dds.nl/networking/win2000xp-freeswan.html#SP2

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
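
The check described in the reply above, as an added Python example that is not part of the original post or of Openswan: it pulls the first `proto/port` selector out of each log line and flags `17/0` where `17/1701` is expected. The sample lines, addresses, IDs and verdict names are constructed for illustration; only the `]:17/0` shape comes from the quoted fragment.

```python
import re

# Selector as it appears in the fragment quoted in the post: "]:<proto>/<port>"
# right after the closing bracket of an endpoint ID.
SELECTOR = re.compile(r"\]:(\d+)/(%any|\d+)")

# Constructed sample lines (documentation addresses, made-up IDs), not real logs.
SAMPLE_LOG = [
    "conn-a: 198.51.100.1[C=XX, CN=server]:17/0...192.0.2.10[C=XX, CN=client-a]",
    "conn-b: 198.51.100.1[C=XX, CN=server]:17/1701...192.0.2.11[C=XX, CN=client-b]",
    "conn-c: 198.51.100.1[C=XX, CN=server]:6/0...192.0.2.12[C=XX, CN=client-c]",
    "pluto: listening for IKE messages",
]


def first_selector(line):
    """Return (protocol, port) of the first selector on the line, or None."""
    m = SELECTOR.search(line)
    if m is None:
        return None
    return int(m.group(1)), m.group(2)


def classify(line):
    """Apply the reading given in the reply to one log line."""
    sel = first_selector(line)
    if sel is None:
        return "no-selector"
    proto, port = sel
    if proto != 17:
        return "not-udp"             # outside what the reply covers
    if port == "1701":
        return "ok"                  # 17/1701, the value the reply expects
    if port == "0":
        return "client-lacks-nat-t"  # 17/0, the case diagnosed in the reply
    return "other-udp-port"


def scan(lines):
    """Return (line_number, verdict) for every line that carries a selector."""
    verdicts = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in verdicts if v != "no-selector"]


if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```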

