[Openswan Users] Windows XP and OpenSwan
Paul Wouters
paul at xelerance.com
Thu Apr 28 19:23:16 CEST 2005
On Thu, 28 Apr 2005, Aaron Smith wrote:
> Ok. Couple of questions. I *think* this is a nat traversal issue.
> If I have an Openswan Gateway machine that has a public IP and then I
> have a Windows XP client behind a linux server doing NAT, does the
> openswan Gateway need to support nat-t?
Yes.
> I can successfully create an
> IPSec tunnel between the openswan gateway and the remote linux box
> (though there is a minor issue with that which I think I'll send
> seperately to the list) but when I establish an IPSec connection to the
> same Gateway directly from a Windows XP machine behind the linux box,
> the tunnel comes up, but pings to the local subnet time out and although
> I see ESP packets arrive at the Gateway, there is no traffic on ipsec0.
You should see UDP port 500 packets (nat-t encapsulated ESP packets).
> config setup
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
You are missing a line with line 'nat_traversal=yes'
Paul
More information about the Users
mailing list