[Openswan Users] L2TP/IPsec with double NAT
Jacco de Leeuw
jacco2 at dds.nl
Thu Aug 11 00:52:46 CEST 2005
Stefano Pazzaglia wrote:
> Ok, no answers at all...
I refer to my previous suggestions.
> connect from a natted and updated xp client, how must look my ipsec.conf
> like? I'm still not sure about what to write in left, leftnexthop,
> leftsubnet, right etc...
See http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#NAT
for some tips.
> Moreover when I indicate leftsubnet=192.168.0.0/24
> in ipsec.conf connection can't start.
If left is the local VPN server, then there should not be a
leftsubnet. The L2TP daemon facilitates the access to the
internal subnet, not Openswan.
> In this moment another attempt is
> failing and this is the output from ipsec auto --status.
> What the hell means 000 xxx.xxx.xxx.91/32:0 -17-> 213.140.19.123/32:0 =>
> %hold 0 %acquire-netlink????????
Don't get yourself distracted by large amounts of output.
Take a few steps back. Start without NAT. Then switch from PSK to certs.
Then put the client behind NAT. And finally the server.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
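
Added example, not part of the original message or of Openswan: a small Python check for the leftsubnet point made in the reply above. It assumes left is the local VPN server and that an L2TP conn is recognisable by leftprotoport=17/1701; the conn name, the 192.0.2.10 address and the function names are constructed for illustration.

```python
# Constructed sample: a server-side L2TP/IPsec conn with the leftsubnet line
# that the thread reports as keeping the connection from starting.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes

conn l2tp-psk
    authby=secret
    type=transport
    # placeholder address for the local VPN server
    left=192.0.2.10
    leftprotoport=17/1701
    leftsubnet=192.168.0.0/24
    right=%any
    rightprotoport=17/%any
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def find_server_subnet_conflicts(text):
    """List (conn, leftsubnet) for L2TP conns where left (assumed to be the
    local VPN server) also carries a leftsubnet."""
    hits = []
    for name, opts in parse_conns(text).items():
        if opts.get("leftprotoport") == "17/1701" and "leftsubnet" in opts:
            hits.append((name, opts["leftsubnet"]))
    return hits

if __name__ == "__main__":
    for name, subnet in find_server_subnet_conflicts(SAMPLE_CONF):
        print(f"conn {name}: remove leftsubnet={subnet}; "
              "the L2TP daemon gives access to the internal subnet")
```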