[Openswan Users] IPSEC/L2TP Server behind a Firewall with NAT

foren titze foren.titze at gmx.net
Thu Jun 9 13:01:39 CEST 2005


On Thursday, 9 June 2005 11:48, Jacco de Leeuw wrote:
> foren titze wrote:
> > Now, I have a working IPSEC server with a public IP. The server is behind
> > a firewall with forwarded ports 4500, 500 and esp 50. The server runs
> > debian with openswan 1.0.8, kernel 2.4.29-grsec.
> >
> > In the next days we want to make a new firewall. Then all public IPs are to
> > be nat'd in the firewall.
> > So the server will get an internal IP and will be nat'd.
> > What do I have to change, except the IPs in ipsec.conf?
>

Should I upgrade to openswan 2.3.1 and kernel 2.6? And where can I get the
patch?


> I have never tried a NATed server with Openswan 1.x in Transport Mode.
> Openswan 2.x needs an experimental patch by Bernd Galonska. You have
> got to upgrade to Openswan 2.x.
>
> You won't have to forward IP protocol 50 (ESP).
>
Are only ports 4500 and 500 TCP enough?

> > The clients will always be behind a NAT firewall like DSL
>
> Double NAT. I would be interested to know if that works.
>
I hope so. It should not be so different to get this working, right?
Server - firewall - inet - firewall/nat - client, in contrast to
Server - firewall/nat - inet - firewall/nat - client

thx

benjamin

> Jacco

