[Openswan Users] NAT Problem?

Paul Wouters paul at xelerance.com
Tue Mar 8 13:47:04 CET 2005

On Tue, 8 Mar 2005, Miguel Ángel Domínguez Durán wrote:

>       nat_traversal=yes

you might want virtual_private= ?

> conn windows
>       auto=add
>       auth=rsasig
>       left=213.9.x.x
>       leftcert=vpncert.pem
> CN=vpn"
>       right=%any
>       rightcert=windowsxp.pem
>       rightid="C=ES, ST=MALAGA, L=MALAGA, O=Prueba, CN=prueba"
>       pfs=yes
>       keyingtries=0

this is a tunnel to 1 IP only, since there is no leftsubnet.

> The ipsec.conf in the windows machine contains the following:
> conn windows
>       left=%any
>       leftid="C=ES, ST=MALAGA, L=MALAGA, O=Prueba, CN=prueba"
>       right=213.9.x.x
>       rightsubnet=*

this implies the server should have leftsubnet=

If you want ALL traffic to go to the server, use the leftsubnet line.
If you don't, remove the rightsubnet line.
If you meant to connect top just some ip network at the server, use that
as right/leftsubnet and exlude it from NAT in virtual_private.


More information about the Users mailing list