[Openswan Users] openswan behind nat firewall

Paul Wouters paul at xelerance.com
Sat Jan 29 17:36:05 CET 2005

On Fri, 28 Jan 2005, David Spear wrote:

> # echo "1" > /proc/sys/net/ipv4/ip_forward

Yu can do that better in /etc/sysctl.conf

>        nat_traversal=yes
>        virtual_private=%v4:

> conn roadwarrior
>        left=%defaultroute
>        leftcert=openswan.pem
>        leftsubnet=
>        right=%any
>        rightsubnet=vhost:%no,%priv

if is the subnet behind the gateway you are trying to reach,
you should exclude it from your allowed nat_traversal ranges:



More information about the Users mailing list