[Openswan Users] Good old Nat
Paul Wouters
paul at xelerance.com
Mon Aug 15 18:37:11 CEST 2005
On Mon, 15 Aug 2005, Fred Strauss wrote:
>> Does openswan say it activated NAT-Traversal at startup? If so, what are
>> your virtual_private= settings and your conn setting?
>
> Hi
>
> Yes, I get "including NAT-Traversal patch (Version 0.6c)" on both the
> server and the roadwarrior at startup. When I try to connect the
> server logs that the peer is natted, and the roadwarrior logs "I'm
> natted".
OK.
> I don't know what virtual_private is, is that a setting I'm missing?
I guess.
> Here is the conn section on the server side:
> conn xxx-roadwarrior
> left=xxx.xxx.xxx.xxx
> leftsubnet=192.168.2.0/24
> leftrsasigkey=%cert
> leftcert=xxx.pem
> right=%any
> rightrsasigkey=%cert
> auto=add
> pfs=yes
add to config setup:
virtual_private="%v4:10.0.0.0/8,%v4:192.168.0.0/16,!%v4:192.168.2.0/8"
add to your xxx-raodwarrior
rightsubnet=vhost:%no,%priv
Paul
More information about the Users
mailing list