[Openswan Users] L2TP/IPsec with double NAT

Jacco de Leeuw jacco2 at dds.nl
Thu Aug 11 00:52:46 CEST 2005


Stefano Pazzaglia wrote:

> Ok, no answers at all...

I refer to my previous suggestions.

> connect from a natted and updated xp client, how must look my ipsec.conf
> like? I'm not still sure about what to write in left, leftnexthop,
> leftsubnet, right etc...

See http://www.jacco2.dds.nl/networking/freeswan-l2tp.html#NAT
for some tips.

> Moreover when I indicate leftsubnet=192.168.0.0/24
> in ipsec.conf  connection can't start. 

If left is the local VPN server, then there should not be a
leftsubnet. The L2TP daemon facilitates the access to the
internal subnet, not Openswan.

> In this moment another attempt is
> failing and this is the output from ipsec auto --status.
> What the hell means 000 xxx.xxx.xxx.91/32:0 -17-> 213.140.19.123/32:0 =>
> %hold 0    %acquire-netlink????????

Don't get yourself distracted by large amounts of output.
Take a few steps back. Start without NAT. Then switch from PSK to certs.
Then put the client behind NAT. And finally the server.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
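
Added example, not part of the original message or of Openswan: a small check that flags an L2TP/IPsec conn which also sets leftsubnet, the misconfiguration discussed above. It assumes the server is "left" and selects L2TP with leftprotoport=17/1701; the sample config, conn names and addresses are constructed.

```python
# Constructed sample ipsec.conf (not from the thread); 192.0.2.10 is a documentation address.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes

conn l2tp-bad
    type=transport
    left=192.0.2.10
    leftprotoport=17/1701
    leftsubnet=192.168.0.0/24
    right=%any
    rightprotoport=17/%any

conn l2tp-ok
    type=transport
    left=192.0.2.10
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section; other sections are skipped."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and trailing blanks
        if not line.strip():
            continue
        if not line[0].isspace():                 # section headers start in column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) > 1
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def find_l2tp_subnet_conflicts(text):
    """Names of conns that select L2TP (UDP 1701) on left and also set leftsubnet."""
    return [name for name, opts in parse_conns(text).items()
            if opts.get("leftprotoport") == "17/1701" and "leftsubnet" in opts]

if __name__ == "__main__":
    for name in find_l2tp_subnet_conflicts(SAMPLE_CONF):
        print(f"conn {name}: remove leftsubnet; the L2TP daemon handles the internal subnet")
```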

