[Openswan Users] Openswan gateway behind NAT

Paul Wouters paul at xelerance.com
Sun Jan 9 23:11:09 CET 2005


On Sun, 9 Jan 2005, Marcus Better wrote:

> Here is the log output on the gateway (192.168.1.2) when I connect:

> Jan  7 09:43:09 kakmonster pluto[25485]: | NAT-T: new mapping

> Jan  7 09:43:10 kakmonster pluto[25485]: "rw"[7] 83.227.75.174:4500 #19:
> IPsec SA established {ESP/NAT=>0xcf2592ad <0x8710af63 NATOA=0.0.0.0}

> And here is the log output on the client:
> -----------------------------------------------------------------------
> Jan  7 09:45:38 thales pluto[3088]: "dac" #1: NAT-Traversal: Result
> using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed

> Jan  7 09:45:38 thales pluto[3088]: "dac" #2: sent QI2, IPsec SA
> established {ESP=>0x8710af63 <0xcf2592ad NATOA=0.0.0.0}
> ---------------------------------------------------------------------

Seems okay. What does 'ipsec verify' say?
Are you not filtering something? Are you running NAT on your laptop?

Check both ends to see if at openswan startup you get an OK message about
NAT-t being enabled in the logfiles.

Paul


More information about the Users mailing list