[Openswan Users] Missing a concept

Barry Reinhold bbr at lampreynetworks.com
Tue Feb 8 13:16:58 CET 2005


I am attempting to install VPN service between "roadwarrior" windows XP
boxes and a SOHO network. In general I have followed the procedure
outlined by Nate Carlson, and have managed to get a VPN established
between a windows XP workstation and the SOHO network ... sort of.

From the XP box (in private space 192.168.130.0/24) I can ping and
telnet to the office network (in private space 192.168.127.0/24). But I
cannot start X applications and get the display back on my XP box, nor
can I ping from the office network to the XP box -- even while the XP
box is pinging the other way.

The layout is:

XP box/IPsec client <-- 192.168.130.0/24 --> NAT only box <-- internet
--> NAT box/IPsec server <-- 192.168.127.0/24 -->Linux server

When I use Ethereal to capture traffic on the internet side of the "NAT
only box" I see pings flowing through (UDP_source == 4500, and UDP_dest
== 4500). However, when I ping from the Linux server box to the XP box I
see the packets flowing into the NAT only box with (UDP_source == whatever
port, UDP_dest == 4500).

After a read-through of the draft for NAT-T I think I should be
expecting the Linux server's ping requests to be mapped to (4500, 4500).
I would like to have this confirmed.

The second question is, if this is wrong, is it most likely in my
ipsec.conf or is there some firewall/NAT code that should be checked?

Thanks in advance for any insight/suggestions.

Barry Reinhold
Lamprey Networks
bbr at lampreynetworks.com
(603) 868-8411
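As an added illustration (not code from the original post, from Openswan, or from any of the referenced drafts): a small Python model of what NAT-T traffic on UDP/4500 looks like on the wire per RFC 3948 (IKE behind a four-zero-byte non-ESP marker, UDP-encapsulated ESP starting with its SPI, one-byte keepalives) and of how a connection-tracking NAT, modelled on the way Linux netfilter tracks UDP, decides whether a packet coming back from the IPsec server matches the mapping the client's outbound packets created. All addresses, ports and packet bytes are constructed for the example; the ESP body is filler, not real ciphertext.

```python
"""Toy model of RFC 3948 NAT-T traffic as seen on the internet side of a NAT.

Everything here is constructed for illustration: the addresses, the packets and
the NAT behaviour are a simplified model, not a capture from a real network.
"""
import struct
from dataclasses import dataclass
from typing import Optional

NAT_T_PORT = 4500
NON_ESP_MARKER = b"\x00\x00\x00\x00"  # RFC 3948 s.2.2: IKE on 4500 is prefixed by 4 zero bytes
KEEPALIVE = b"\xff"                   # RFC 3948 s.2.3: one-byte NAT keepalive


@dataclass(frozen=True)
class Udp:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


def classify(pkt: Udp) -> str:
    """Say what a datagram on UDP/4500 carries: ike, esp, keepalive or unknown.

    The ping the poster sends rides *inside* the ESP payload, so on the wire
    all the NAT sees is ESP-in-UDP; it never sees ICMP.
    """
    if pkt.src_port != NAT_T_PORT and pkt.dst_port != NAT_T_PORT:
        return "not-nat-t"
    p = pkt.payload
    if p == KEEPALIVE:
        return "keepalive"
    if len(p) >= 4 and p[:4] == NON_ESP_MARKER:
        return "ike"
    if len(p) >= 8:
        spi, _seq = struct.unpack("!II", p[:8])
        if spi != 0:  # SPI 0 is reserved, so a non-zero first word means ESP
            return "esp"
    return "unknown"


def esp_spi(pkt: Udp) -> int:
    """SPI of a UDP-encapsulated ESP packet (first 4 bytes of the payload)."""
    return struct.unpack("!I", pkt.payload[:4])[0]


class ConntrackNat:
    """Port-preserving NAT whose return path requires the exact reverse tuple.

    This mirrors how a connection-tracking NAT such as Linux netfilter treats
    UDP: a reply is only translated back if it comes from the same peer
    address *and* port the inside host sent to. (Toy model: no port-collision
    handling, no timeouts.)
    """

    def __init__(self, public_ip: str):
        self.public_ip = public_ip
        # (public_port, peer_ip, peer_port) -> (inside_ip, inside_port)
        self.table: dict = {}

    def outbound(self, pkt: Udp) -> Udp:
        """Translate an inside->internet packet and record the mapping."""
        pub_port = pkt.src_port  # port-preserving while the port is free
        self.table[(pub_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Udp(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, pkt.payload)

    def inbound(self, pkt: Udp) -> Optional[Udp]:
        """Translate an internet->inside packet; None if no mapping matches."""
        entry = self.table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if entry is None or pkt.dst_ip != self.public_ip:
            return None
        in_ip, in_port = entry
        return Udp(pkt.src_ip, pkt.src_port, in_ip, in_port, pkt.payload)


def demo():
    """Client behind the 'NAT only box' talks to the IPsec server on 4500/4500.

    Returns (translated outbound packet, matching reply, non-matching reply).
    """
    nat = ConntrackNat("203.0.113.10")  # constructed public IP of the NAT only box
    server = "198.51.100.20"            # constructed public IP of the IPsec server
    esp = struct.pack("!II", 0x1234ABCD, 1) + b"\x00" * 32  # SPI, seq, filler body

    out = nat.outbound(Udp("192.168.130.5", 4500, server, 4500, esp))
    # Reply sourced from 4500, the port the client sent to: matches the mapping.
    good = nat.inbound(Udp(server, 4500, nat.public_ip, 4500, esp))
    # Reply sourced from some other port: no conntrack entry, so it is dropped.
    bad = nat.inbound(Udp(server, 41234, nat.public_ip, 4500, esp))
    return out, good, bad


if __name__ == "__main__":
    out, good, bad = demo()
    print("outbound on the wire:", out.src_ip, out.src_port, "->", out.dst_port, classify(out))
    print("reply from 4500 delivered to:", good.dst_ip if good else None)
    print("reply from other port delivered to:", bad.dst_ip if bad else None)
```

Running `demo()` shows the difference between the two captures the post describes: a reply whose source port is 4500 matches the state the client's outbound packet created and is forwarded to 192.168.130.5, while a reply from an arbitrary source port finds no matching entry in this model and goes nowhere.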