[Openswan Users] Good old Nat

Paul Wouters paul at xelerance.com
Mon Aug 15 18:37:11 CEST 2005


On Mon, 15 Aug 2005, Fred Strauss wrote:

>> Does openswan say it activated NAT-Traversal at startup? If so, what are
>> your virtual_private= settings and your conn setting?
>
> Hi
>
> Yes, I get "including NAT-Traversal patch (Version 0.6c)" on both the
> server and the roadwarrior at startup. When I try to connect the
> server logs that the peer is natted, and the roadwarrior logs "I'm
> natted".

OK.

> I don't know what virtual_private is, is that a setting I'm missing?

I guess.

> Here is the conn section on the server side:
> conn xxx-roadwarrior
>        left=xxx.xxx.xxx.xxx
>        leftsubnet=192.168.2.0/24
>        leftrsasigkey=%cert
>        leftcert=xxx.pem
>        right=%any
>        rightrsasigkey=%cert
>        auto=add
>        pfs=yes

add to config setup:

 	virtual_private="%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!192.168.2.0/24"

add to your xxx-roadwarrior

 	rightsubnet=vhost:%no,%priv

Paul
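
Added example, not part of the original message and not Openswan's own code: a simplified Python model of which NATed client addresses a virtual_private= list lets a rightsubnet=vhost:%no,%priv connection accept, and why the server's own LAN is excluded. The function names and sample addresses are constructed for illustration; the list is written in the `%v4:!net/mask` exclusion form, with 192.168.2.0/24 taken from the leftsubnet shown above.

```python
# Simplified model of virtual_private matching (illustration only, not pluto's code).
import ipaddress

def parse_virtual_private(value):
    """Split a virtual_private= string into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry.startswith("%v4:"):
            raise ValueError(f"unsupported entry: {entry!r}")
        net = entry[len("%v4:"):]
        target = allowed
        if net.startswith("!"):          # "%v4:!net/mask" marks an exclusion
            net, target = net[1:], excluded
        # strict=True rejects a network with host bits set, e.g. 192.168.2.0/8
        target.append(ipaddress.ip_network(net, strict=True))
    return allowed, excluded

def accepts_priv(value, client_ip):
    """True if a NATed client's inner address would match %priv in this model."""
    allowed, excluded = parse_virtual_private(value)
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in excluded):
        return False                     # clashes with the server-side LAN
    return any(addr in net for net in allowed)

# Assumed list: two private ranges allowed, the server's leftsubnet excluded.
VP = "%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:!192.168.2.0/24"

if __name__ == "__main__":
    # Constructed sample inner addresses of roadwarriors behind NAT.
    for ip in ("192.168.1.50", "10.4.4.4", "192.168.2.77", "172.16.0.9"):
        print(f"{ip:15} accepted={accepts_priv(VP, ip)}")
```

A client whose inner address falls inside 192.168.2.0/24 is refused because it would overlap the network behind the server, and 172.16.0.9 is refused because that range is not in the list at all.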

