[Openswan Users] openswan behind nat firewall
Jacco de Leeuw
jacco2 at dds.nl
Sat Jan 29 18:25:54 CET 2005
Dino Dragovic wrote:
> I am trying to set up Openswan as a VPN server (and L2TP) behind a firewall
> which is doing NAT.
I have not yet managed to get this working myself. With some tweaking
I got the IPsec connection up but L2TP reply packets were not tunnelled
> conn road
Shouldn't leftnexthop be the IP address of your router?
Does the ID match the one in the cert?
> Firewall is dnat-ing udp 500,4500 and 1701 to 192.168.0.2.
L2TP (UDP 1701) should not be DNAT-ed. It is tunnelled in IPsec.
> cannot respond to IPsec SA request because no connection
> is known for 184.108.40.206/32===192.168.0.2:4500[C=hr, ST=Croatia,
> L=Osijek, O=Demo, OU=xxxx, CN=xxxx,
> E=xxxxx]:17/1701...220.127.116.11:4500[C=hr, ST=Croatia, L=Osijek, O=Demo,
> OU=yyy, CN=yyy, E=yyyy]: 17/1701
Perhaps some more tweaking of the ipsec.conf is required. But even then,
the L2TP part might not work.
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
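
An added example, not part of the original message or of Openswan: a small Python parser that splits the "no connection is known for" log line quoted above into its two ends, so the addresses, IDs and protocol/port selectors can be compared against the conn definition. The field names and the assumption that the first end is the host that logged the line (192.168.0.2 in the post) are mine.

```python
import re

# Log line quoted in the post, joined onto one line (values exactly as posted).
SAMPLE = (
    "cannot respond to IPsec SA request because no connection is known for "
    "184.108.40.206/32===192.168.0.2:4500[C=hr, ST=Croatia, L=Osijek, O=Demo, "
    "OU=xxxx, CN=xxxx, E=xxxxx]:17/1701...220.127.116.11:4500[C=hr, ST=Croatia, "
    "L=Osijek, O=Demo, OU=yyy, CN=yyy, E=yyyy]: 17/1701"
)

END = re.compile(r"""
    ^(?:(?P<cl>[\d.]+/\d+)===)?           # client subnet written before the host
    (?P<host>[\d.]+)(?::(?P<ike>\d+))?    # host address and IKE port
    \[(?P<id>[^\]]*)\]                    # identity (here a certificate DN)
    :\s*(?P<proto>\d+)/(?P<port>\d+)      # protocol/port selector
    (?:===(?P<cr>[\d.]+/\d+))?$           # client subnet written after the host
""", re.VERBOSE)

def parse_end(text):
    m = END.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised end: {text!r}")
    return {"client": m["cl"] or m["cr"], "host": m["host"],
            "ike_port": int(m["ike"]) if m["ike"] else None, "id": m["id"],
            "proto": int(m["proto"]), "port": int(m["port"])}

def parse_no_connection(line):
    """Return {'local': ..., 'peer': ...}, or None for unrelated log lines."""
    _, found, rest = line.partition("no connection is known for ")
    if not found:
        return None
    local, sep, peer = rest.partition("...")
    if not sep:
        raise ValueError("missing '...' between the two ends")
    return {"local": parse_end(local), "peer": parse_end(peer)}

def observations(parsed):
    notes, local = [], parsed["local"]
    if local["client"] and local["client"].split("/")[0] != local["host"]:
        notes.append(f"requested local client {local['client']} is not the "
                     f"host address {local['host']}")
    if (local["proto"], local["port"]) == (17, 1701):
        notes.append("selector is UDP 1701 (L2TP), carried inside IPsec")
    if local["ike_port"] == 4500 or parsed["peer"]["ike_port"] == 4500:
        notes.append("IKE is on UDP 4500 (NAT traversal port)")
    return notes

if __name__ == "__main__":
    for note in observations(parse_no_connection(SAMPLE)):
        print(note)
```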