[Openswan Users] Configuring NAT-T
Paul Wouters
paul at xelerance.com
Wed Apr 13 20:35:40 CEST 2005
On Wed, 13 Apr 2005, Vernon A. Fort wrote:
> I'm trying to get two FC3 firewall/openswan boxes connected using NAT-T. My
> layout:
>
> [RIGHT] 192.168.10.0/24 -> Right Firewall <-> Left Firewall ->
> 192.168.20.0/24 -> [NAT-T] 192.168.1.0/24 [LEFT]
I do not understand this diagram at all. Try writing it with boxes for
each machine and/or add interface names to the IPs involved.
> The VPN from 192.168.10/24 successfully connected to the 192.168.20/24. I
"The VPN" connected? Do you mean the two Openswan boxes connected? Do you
mean you have a working VPN from the subnet 192.168.10/24 to subnet
192.168.20/24?
> need hosts on the right, say 192.168.10.35 to connect via the VPN to hosts on
> the left, say 1921.68.1.10.
193.168.1.10 is outside any of your VPN subnets listed above, so you will
need a separate new connection definition for this.
> conn supportvpn
>     # RIGHT - support provider
>     authby=secret
>     right=66.83.239.70
>     rightsubnet=192.168.10.0/24
>     rightsourceip=192.168.10.254
>     rightnexthop=%defaultroute
>     # LEFT - my side
>     left=24.106.111.114
>     leftsubnet=192.168.20.0/24
>     leftsourceip=192.168.20.254
>     leftnexthop=%defaultroute
>     auto=add
This will set up a tunnel from 192.168.10.0/24 to 192.168.20.0/24. It does
not do anything for 192.168.1.0/24. Add another conn with

conn supportvpn2
    authby=secret
    right=66.83.239.70
    rightsubnet=192.168.10.0/24
    left=24.106.111.114
    leftsubnet=192.168.1.0/24
    auto=add

Paul
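
Added example, not part of the message above and not Openswan code: a small Python check of which conn's leftsubnet/rightsubnet pair covers a given pair of hosts, run against the two conn definitions from this thread. The function names and the sample host addresses are assumptions made for illustration, and the parser handles only the simple key=value conn form shown here.

```python
import ipaddress

# The two conns from this thread, trimmed to their addressing keys.
IPSEC_CONF = """
conn supportvpn
    right=66.83.239.70
    rightsubnet=192.168.10.0/24
    left=24.106.111.114
    leftsubnet=192.168.20.0/24

conn supportvpn2
    right=66.83.239.70
    rightsubnet=192.168.10.0/24
    left=24.106.111.114
    leftsubnet=192.168.1.0/24
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for simple 'conn' sections."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def covering_conns(conns, host_a, host_b):
    """Names of conns whose subnet pair contains both hosts, either way round."""
    a, b = ipaddress.ip_address(host_a), ipaddress.ip_address(host_b)
    hits = []
    for name, opts in conns.items():
        if "leftsubnet" not in opts or "rightsubnet" not in opts:
            continue  # host-to-host conns are out of scope for this check
        left = ipaddress.ip_network(opts["leftsubnet"], strict=False)
        right = ipaddress.ip_network(opts["rightsubnet"], strict=False)
        if (a in left and b in right) or (a in right and b in left):
            hits.append(name)
    return hits

if __name__ == "__main__":
    # Constructed sample hosts: one in 192.168.10.0/24, one in 192.168.1.0/24.
    print(covering_conns(parse_conns(IPSEC_CONF), "192.168.10.35", "192.168.1.10"))
```

An empty result for a host pair means no tunnel policy matches that traffic, which is the case for 192.168.1.0/24 when only the first conn is loaded.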