[Openswan Users] NAT-T and NET to NET

J Zakhar jzakhar at gmail.com
Sat Feb 26 18:59:51 CET 2005


I have a gateway with a public IP. The peer trying to establish a
tunnel with me is behind a NAT router.

I have tried on the gateway with the public ip the following for right

right=public-ip-of-router

right=privateaddress

the only way it ever establishes a tunnel is with right=%any

which ends up looking like this in the status display

"site"[1]: 192.168.42.0/24===68.46.210.xxx:4500[@athena]---68.46.210.129...24.90.16.xxx:4500[@spinfuture]===192.168.1.0/24; erouted; eroute owner: #2

maybe I am missing something here, I am just not sure what to do for
right on the gateway as nothing has worked yet

using right=anything but %any gets me

Feb 26 18:40:18 pcp03822184pcs pluto[6053]: packet from 24.90.16.xxx:4500: initial Main Mode message received on 68.46.210.xxx:4500 but no connection has been authorized

Could this be a problem with the remote router trying to do IPsec passthrough?

