[Openswan Users] NAT-T problems
kumar nani
kumar_lists at yahoo.co.in
Sat Jul 23 08:58:21 CEST 2005
Hi all,
I am a newbie to IPSec and I have installed
openswan-2.3.0 on two Linux machines. IPSec is working
fine between both of them. But when I try to test
NAT-Traversal with openswan-2.3.0 on two Linux
machines, it fails. My setup is shown below.
PC1    -- 20.20.20.5 (eth0)
              |
              |
       -- 20.20.20.1 (eth0)
PC-NAT
       -- 192.168.1.125 (eth1)
              |
              |
PC2    -- 192.168.1.124 (eth0)
PC1 & PC2 are Linux machines running openswan-2.3.0,
and the NAT box is also a Linux PC with two
Ethernet interfaces, eth0 & eth1, and a NAT rule as
given below.
iptables -t nat -A POSTROUTING -s 20.20.20.5 -o eth1 -j SNAT --to-source 192.168.1.125
This rule is working fine for ping packets, i.e., PC1
can ping PC2 and vice versa.
The ipsec.conf files for both PCs are given below.
PC1
---
config setup
    klipsdebug=none
    plutodebug=none
    interfaces=ipsec0=eth0
    nat_traversal=yes

conn PC1
    type=tunnel
    left=20.20.20.5
    right=192.168.1.124
    auth=esp
    authby=secret
    keyexchange=ike
    pfs=yes
    auto=add
PC2
----
config setup
    klipsdebug=none
    plutodebug=none
    interfaces=ipsec0=eth0
    nat_traversal=yes

conn PC2
    type=tunnel
    left=192.168.1.124
    right=20.20.20.5
    auth=esp
    authby=secret
    keyexchange=ike
    pfs=yes
    auto=add
ipsec.secrets file
------------------
PC1
---
20.20.20.5 192.168.1.124 : PSK "nattraversal"
PC2
---
192.168.1.124 20.20.20.5 : PSK "nattraversal"
-----------
When I initiate the connection from either side, the
connection is not established at all. IKE main mode
itself is not proceeding.
Can anybody please tell me whether there is anything wrong
with my configuration?
Regards
Kumar.