[Openswan Users] VPN-1 Edge X to Openswan success (AES)

Paul Wouters paul at xelerance.com
Sun Dec 18 21:50:57 CET 2005


On Fri, 16 Dec 2005, Jerome Kaidor wrote:

> *** Right now, I have it mostly working.  I just don't have much faith
> in it.  Connections will sometimes be partially set up, and the server
> then locks my IP out so I can't even SSH in to fix it.

conn passthrough-for-non-l2tp
        type=passthrough
        left=YourServerIP
        leftnexthop=YourGwIP
        right=0.0.0.0
        rightsubnet=0.0.0.0/0
        auto=route

This allows both l2tp/ipsec and plaintext connections from behind the same
NAT router. The l2tpd use a leftprotoport, so they are more specific and
will be used first. Then, packets for the host on different ports and
protocols (e.g. ssh) will match this passthrough conn.

Paul
-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)
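The pairing described in the reply above, as an added example that is not part of the original message: an L2TP/IPsec conn restricted with leftprotoport next to the passthrough conn. The conn name l2tp-psk, the use of a pre-shared key and the NAT-related settings are assumptions; YourServerIP and YourGwIP are the placeholders from the post.

```conf
# Constructed ipsec.conf fragment (added example, not from the original post).

# L2TP/IPsec conn. Its selector covers only UDP (protocol 17) port 1701
# on the server, so it is narrower than the passthrough conn below and
# is matched first for L2TP traffic.
conn l2tp-psk
        # assumption: pre-shared key authentication
        authby=secret
        type=transport
        left=YourServerIP
        leftnexthop=YourGwIP
        leftprotoport=17/1701
        right=%any
        rightprotoport=17/%any
        # assumption: clients sit behind NAT; this needs nat_traversal=yes
        # and a virtual_private= list in "config setup"
        rightsubnet=vhost:%priv
        auto=add

# Passthrough conn as given in the post. It has no protoport restriction,
# so it covers every other protocol and port to the server (ssh included)
# and those packets pass in the clear without needing an IPsec SA.
conn passthrough-for-non-l2tp
        type=passthrough
        left=YourServerIP
        leftnexthop=YourGwIP
        right=0.0.0.0
        rightsubnet=0.0.0.0/0
        auto=route
```

After the configuration is reloaded, `ipsec auto --status` lists the loaded conns, which is a quick way to confirm that both are present.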

