[Openswan Users] openswan behind nat firewall
Paul Wouters
paul at xelerance.com
Sat Jan 29 17:36:05 CET 2005
On Fri, 28 Jan 2005, David Spear wrote:
> # echo "1" > /proc/sys/net/ipv4/ip_forward
You can do that better in /etc/sysctl.conf
> nat_traversal=yes
> virtual_private=%v4:192.168.0.0/16
> conn roadwarrior
> left=%defaultroute
> leftcert=openswan.pem
> leftsubnet=192.168.1.0/24
> right=%any
> rightsubnet=vhost:%no,%priv
If 192.168.1.0/24 is the subnet behind the gateway you are trying to reach,
you should exclude it from your allowed nat_traversal ranges:
virtual_private=%v4:192.168.0.0/16,%v4:!192.168.1.0/24
Paul
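
Added example, not part of the original message and not Openswan's own code: a small Python model of how a virtual_private= list with a "!" exclusion decides whether a subnet claimed by a NATed client is acceptable, run against the two settings quoted above. The function names are hypothetical, and the rule used (accepted when inside an allowed range and not inside an excluded one) is an assumed simplification of the daemon's behaviour.

```python
import ipaddress

# The two settings from the thread.
ORIGINAL = "%v4:192.168.0.0/16"
CORRECTED = "%v4:192.168.0.0/16,%v4:!192.168.1.0/24"


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        family, _, net = item.partition(":")
        if family not in ("%v4", "%v6") or not net:
            raise ValueError(f"unrecognised entry: {item!r}")
        negated = net.startswith("!")
        network = ipaddress.ip_network(net.lstrip("!"), strict=True)
        if (family == "%v4") != (network.version == 4):
            raise ValueError(f"address family mismatch: {item!r}")
        (excluded if negated else allowed).append(network)
    return allowed, excluded


def client_subnet_accepted(value, client_subnet):
    """Assumed model: inside an allowed range and not inside an excluded one."""
    allowed, excluded = parse_virtual_private(value)
    client = ipaddress.ip_network(client_subnet)

    def inside(nets):
        return any(client.version == n.version and client.subnet_of(n)
                   for n in nets)

    return inside(allowed) and not inside(excluded)


if __name__ == "__main__":
    # Constructed client claims: the gateway's own LAN, another private
    # LAN, and a single host address inside the gateway's LAN.
    for claim in ("192.168.1.0/24", "192.168.2.0/24", "192.168.1.10/32"):
        print(f"{claim:18} original={client_subnet_accepted(ORIGINAL, claim)}"
              f" corrected={client_subnet_accepted(CORRECTED, claim)}")
```

With the original setting a client could claim the gateway's own 192.168.1.0/24 as its internal network; with the exclusion added, that claim and any host address inside it are refused while other 192.168.x.x networks are still accepted.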