[Openswan Users] IPSEC/L2TP Server behind a Firefall with NAT
Jacco de Leeuw
jacco2 at dds.nl
Thu Jun 9 12:48:09 CEST 2005
foren titze wrote:
> Now, I have a woking IPSEC server with an public IP. The server is behind a
> firewall with forwarded ports 4500, 500 and esp 50. the server runs debian
> with openswan 1.0.8, kernel 2.4.29-grsec.
> In the next days we want make a new firewall. then all public IPs are to be
> nat'd in the firewall.
> So the server will get an internal IP and will be nat'd.
> What I have to change, except the ip's in ipsec.conf?
I have never tried a NATed server with Openswan 1.x in Transport Mode.
Openswan 2.x needs an experimental patch by Bernd Galonska. You have
got to upgrade to Openswan 2.x.
You won't have to forward IP protocol 50 (ESP).
> The clients will be always behind a nat-fireall like DSL
Double NAT. I would be interested to know if that works.
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users