[Openswan Users] IPSEC/L2TP Server behind a Firewall with NAT
foren titze
foren.titze at gmx.net
Thu Jun 9 13:01:39 CEST 2005
On Thursday, 9 June 2005 11:48, Jacco de Leeuw wrote:
> foren titze wrote:
> > Now, I have a working IPSEC server with a public IP. The server is behind
> > a firewall with forwarded ports 4500, 500 and esp 50. The server runs
> > Debian with Openswan 1.0.8, kernel 2.4.29-grsec.
> >
> > In the next days we want to make a new firewall. Then all public IPs are to
> > be NAT'd in the firewall.
> > So the server will get an internal IP and will be NAT'd.
> > What do I have to change, except the IPs in ipsec.conf?
>
Should I upgrade to Openswan 2.3.1 and kernel 2.6? So where can I get the
patch?
> I have never tried a NATed server with Openswan 1.x in Transport Mode.
> Openswan 2.x needs an experimental patch by Bernd Galonska. You have
> got to upgrade to Openswan 2.x.
>
> You won't have to forward IP protocol 50 (ESP).
>
Are only ports 4500 and 500 TCP enough?
> > The clients will always be behind a NAT firewall like DSL
>
> Double NAT. I would be interested to know if that works.
>
I hope so. It should not be so different to get this working, or?
Server - firewall - inet - firewall/nat - client, in contrast to
Server - firewall/nat - inet - firewall/nat - client
thx
benjamin
> Jacco