[Openswan Users] Configuration problem
Paul Wouters
paul at xelerance.com
Sat Dec 31 20:27:36 CET 2005
On Sat, 31 Dec 2005, webmaster @ elnportal.it wrote:
> My network configuration is:
>
> Side 1
> 10.0.0.0/24 (local subnet) --> GW1 (192.168.1.4) --> (192.168.1.1) ROUTER (PUBLIC IP)--> internet
>
> Side2
> 10.0.2.0/26 (local subnet) --> GW2 (192.168.1.2) --> (192.168.1.1) ROUTER (PUBLIC IP) --> internet
>
> The two routers make natting from public IP to GW1 or GW2 eth0 (192.168.1.4 for GW1 and 192.168.1.2 for GW2)
>
> conn vpn
>     left=192.168.1.4
>     leftsubnet=10.0.0.0/24
>     leftnexthop=192.168.1.1
>     right=192.168.1.2
>     rightsubnet=10.0.2.0/26
>     rightnexthop=PUBLICIP_GW2
>     authby=secret
>     auto=start
>
> conn vpn
>     left=192.168.1.2
>     leftsubnet=10.0.2.0/26
>     leftnexthop=192.168.1.1
>     right=192.168.1.4

Your situation is much more complex, since both gateways are behind NAT. You
will need to specify the public IPs of the routers as left/right and use
protocol/port forwarding.

Worse though, you are using the same range 192.168.1.0/24 at both sides. That
might complicate things a lot.

Your easy way out is to have a public IP on both IPsec servers (e.g. replace the
"router" with the openswan machine itself).

Paul
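
Added example, not part of the message above and not Openswan code: a small Python lint that parses a conn section and flags the two conditions the reply points out, namely left/right endpoints in RFC 1918 space (a gateway behind NAT, not reachable at that address from the internet) and both endpoints falling in the same range. The finding codes, the function names and the /24 default for the shared range are assumptions made for this illustration.

```python
import ipaddress

# Constructed sample: the first conn from the quoted message.
SAMPLE_CONF = """\
conn vpn
    left=192.168.1.4
    leftsubnet=10.0.0.0/24
    leftnexthop=192.168.1.1
    right=192.168.1.2
    rightsubnet=10.0.2.0/26
    rightnexthop=PUBLICIP_GW2
    authby=secret
    auto=start
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_conns(text):
    """Return {conn name: {parameter: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments and trailing space
        if not line:
            continue
        if not line[0].isspace():  # an unindented line opens a new section
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def rfc1918_addr(value):
    """Return the address if value is an RFC 1918 IPv4 literal, else None."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:  # %defaultroute, hostnames, redacted placeholders
        return None
    return addr if any(addr in net for net in RFC1918) else None

def lint_conn(params, transit_prefix=24):
    """Return finding codes for one conn (hypothetical codes, not Openswan's)."""
    ends = {side: rfc1918_addr(params.get(side, "")) for side in ("left", "right")}
    findings = [f"private-{side}" for side, addr in ends.items() if addr is not None]
    if ends["left"] is not None and ends["right"] is not None:
        net = ipaddress.ip_network(f"{ends['left']}/{transit_prefix}", strict=False)
        if ends["right"] in net:  # both gateways use the same private range
            findings.append("same-transit-range")
    return findings
```

Calling lint_conn(parse_conns(SAMPLE_CONF)["vpn"]) on the quoted configuration reports all three findings.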