[Openswan Users] IPSEC/L2TP Server behind a Firewall with NAT

Jacco de Leeuw jacco2 at dds.nl
Thu Jun 9 12:48:09 CEST 2005

foren titze wrote:

> Now, I have a working IPSEC server with a public IP. The server is behind a
> firewall with forwarded ports 4500, 500 and esp 50. The server runs Debian
> with openswan 1.0.8, kernel 2.4.29-grsec.
> In the next days we want to make a new firewall. Then all public IPs are to be
> nat'd in the firewall.
> So the server will get an internal IP and will be nat'd.
> What do I have to change, except the IPs in ipsec.conf?

I have never tried a NATed server with Openswan 1.x in Transport Mode.
Openswan 2.x needs an experimental patch by Bernd Galonska. You have
got to upgrade to Openswan 2.x.

You won't have to forward IP protocol 50 (ESP).

> The clients will always be behind a NAT firewall like DSL

Double NAT. I would be interested to know if that works.

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
