[Openswan Users] Configuring NAT-T
Vernon A. Fort
vfort at provident-solutions.com
Wed Apr 13 12:42:32 CEST 2005
I'm trying to get two FC3 firewall/openswan boxes connected using
NAT-T. My layout:

  [RIGHT] 192.168.10.0/24 -> Right Firewall <-> Left Firewall -> 192.168.20.0/24 -> [NAT-T] 192.168.1.0/24 [LEFT]

The VPN from 192.168.10/24 successfully connected to the 192.168.20/24.
I need hosts on the right, say 192.168.10.35, to connect via the VPN to
hosts on the left, say 192.168.1.10. Here's my ipsec.conf and I am
using Pre-shared for authby. Can someone PLEASE tell me what I'm
missing!?!? Is there any iptables DNAT or SNAT that are needed?

config setup
        interfaces=%defaultroute
        klipsdebug=all
        plutodebug=all
        uniqueids=yes
        nat_traversal=yes

conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig

conn supportvpn
        # RIGHT - support provider
        authby=secret
        right=66.83.239.70
        rightsubnet=192.168.10.0/24
        rightsourceip=192.168.10.254
        rightnexthop=%defaultroute
        # LEFT - my side
        left=24.106.111.114
        leftsubnet=192.168.20.0/24
        leftsourceip=192.168.20.254
        leftnexthop=%defaultroute
        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
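
Added example, not part of the original post: a check of which conn, if any, has leftsubnet/rightsubnet values that cover traffic between two given hosts, run over a trimmed, constructed copy of the configuration above. The function names are hypothetical, and the parser assumes plain conn sections with literal addresses (no %defaultroute as a gateway, no include handling).

```python
import ipaddress

# Constructed sample: the conn sections from the post above, trimmed.
SAMPLE_CONF = """\
conn %default
    authby=rsasig
conn supportvpn
    # RIGHT - support provider
    authby=secret
    right=66.83.239.70
    rightsubnet=192.168.10.0/24
    left=24.106.111.114
    leftsubnet=192.168.20.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}}; %default values are inherited."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():
            # An unindented line starts a section or is an include.
            words = line.split()
            current = None
            if words[0] == "conn" and len(words) == 2:
                current = conns.setdefault(words[1], {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    default = conns.pop("%default", {})
    return {name: {**default, **opts} for name, opts in conns.items()}

def covered(conn, a, b):
    """True if hosts a and b fall on opposite sides of the conn's subnets."""
    # Per ipsec.conf(5), an omitted subnet means the gateway address alone.
    left, right = (ipaddress.ip_network(conn.get(s + "subnet") or conn[s] + "/32")
                   for s in ("left", "right"))
    a, b = ipaddress.ip_address(a), ipaddress.ip_address(b)
    return (a in left and b in right) or (a in right and b in left)

def conns_for(text, a, b):
    """Names of conns whose subnets match traffic between a and b."""
    return [n for n, c in parse_conns(text).items() if covered(c, a, b)]

if __name__ == "__main__":
    print(conns_for(SAMPLE_CONF, "192.168.10.35", "192.168.20.254"))
    print(conns_for(SAMPLE_CONF, "192.168.10.35", "192.168.1.10"))
```

An empty result for a host pair means no conn in the file describes that traffic, so it would not be carried by any of the tunnels defined there.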