[Openswan Users] Configuration problem

Paul Wouters paul at xelerance.com
Sat Dec 31 20:27:36 CET 2005


On Sat, 31 Dec 2005, webmaster @ elnportal.it wrote:

> My network configuration is:
>
> Side 1
> 10.0.0.0/24 (local subnet) --> GW1 (192.168.1.4) --> (192.168.1.1) ROUTER (PUBLIC IP)--> internet
>
> Side2
> 10.0.2.0/26 (local subnet) --> GW2 (192.168.1.2) --> (192.168.1.1) ROUTER (PUBLIC IP) --> internet
>
> The two routers make natting from public IP to GW1 or GW2 eth0 (192.168.1.4 for GW1 and 192.168.1.2 for GW2)

> conn vpn
>         left=192.168.1.4
>         leftsubnet=10.0.0.0/24
>         leftnexthop=192.168.1.1
>         right=192.168.1.2
>         rightsubnet=10.0.2.0/26
>         rightnexthop=PUBLICIP_GW2
>         authby=secret
>         auto=start

> conn vpn
>         left=192.168.1.2
>         leftsubnet=10.0.2.0/26
>         leftnexthop=192.168.1.1
>         right=192.168.1.4

Your situation is much more complex, since both gateways are behind NAT. You
will need to specify the public IPs of the routers as left/right and use
protocol/port forwarding.

Worse though, you are using the same range 192.168.1.0/24 at both sides. That
might complicate things a lot.

Your easy way out is to have a public IP on both IPsec servers (e.g. replace the "router"
with the openswan machine itself).

Paul
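A small added sanity check, not part of this thread or of Openswan, that flags the two problems Paul points out for a conn like the one quoted above: an RFC1918 address used as the IKE endpoint (gateway behind NAT), and a peer address that falls inside the local 192.168.1.0/24 range because both sites reuse it. The local LAN range passed in, the 203.0.113.10 stand-in for PUBLICIP_GW2 and the 198.51.100.0/24 addresses used for the corrected variant are constructed assumptions.

```python
import ipaddress

# Constructed sample: the conn quoted in the thread, with a documentation-range
# address (203.0.113.10) standing in for the PUBLICIP_GW2 placeholder.
AS_POSTED = {
    "left": "192.168.1.4", "leftsubnet": "10.0.0.0/24", "leftnexthop": "192.168.1.1",
    "right": "192.168.1.2", "rightsubnet": "10.0.2.0/26", "rightnexthop": "203.0.113.10",
}

# RFC1918 ranges only; ipaddress's is_private would also flag documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def check_conn(conn, local_lan):
    """Return (code, message) findings for a site-to-site conn.

    local_lan is the range on this gateway's outer interface (an assumption
    supplied by the caller; it is not an ipsec.conf setting)."""
    findings = []
    left, right = ipaddress.ip_address(conn["left"]), ipaddress.ip_address(conn["right"])
    nexthop, lan = ipaddress.ip_address(conn["leftnexthop"]), ipaddress.ip_network(local_lan)
    if is_rfc1918(left):
        findings.append(("LOCAL_BEHIND_NAT", "left is RFC1918: the peer must use this "
                         "router's public IP and the router must forward UDP 500/4500 and ESP"))
    if right in lan:
        findings.append(("PEER_IN_LOCAL_LAN", "right lies in the local LAN range: both sites "
                         "use the same range, so IKE is sent on the LAN and never via nexthop"))
    elif is_rfc1918(right):
        findings.append(("PEER_PRIVATE", "right is RFC1918 and not local: unreachable from "
                         "here, use the remote router's public IP"))
    if nexthop not in lan:
        findings.append(("NEXTHOP_NOT_LOCAL", "leftnexthop is not on the local LAN"))
    if ipaddress.ip_network(conn["leftsubnet"]).overlaps(ipaddress.ip_network(conn["rightsubnet"])):
        findings.append(("SUBNET_OVERLAP", "leftsubnet and rightsubnet overlap"))
    return findings

def finding_codes(conn, local_lan):
    return [code for code, _ in check_conn(conn, local_lan)]

if __name__ == "__main__":
    for code, msg in check_conn(AS_POSTED, "192.168.1.0/24"):
        print(f"{code}: {msg}")
```

With the posted values the check reports LOCAL_BEHIND_NAT and PEER_IN_LOCAL_LAN; giving both IPsec servers a public address, as Paul suggests, clears both.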

