[Openswan Users] NAT Problem?
Paul Wouters
paul at xelerance.com
Tue Mar 8 13:47:04 CET 2005
On Tue, 8 Mar 2005, Miguel Ángel Domínguez Durán wrote:

> nat_traversal=yes

you might want virtual_private= ?

> conn windows
> auto=add
> auth=rsasig
> left=213.9.x.x
> leftcert=vpncert.pem
> leftid="C=ES, ST=MALAGA, L=MALAGA, O=CHERRYTEL COMUNICACIONES S.L.,
> CN=vpn"
> right=%any
> rightcert=windowsxp.pem
> rightid="C=ES, ST=MALAGA, L=MALAGA, O=Prueba, CN=prueba"
> pfs=yes
> keyingtries=0

this is a tunnel to 1 IP only, since there is no leftsubnet.

> The ipsec.conf in the windows machine contains the following:
> conn windows
> left=%any
> leftid="C=ES, ST=MALAGA, L=MALAGA, O=Prueba, CN=prueba"
> right=213.9.x.x
> rightsubnet=*

this implies the server should have leftsubnet=0.0.0.0/0

If you want ALL traffic to go to the server, use the leftsubnet line.
If you don't, remove the rightsubnet line.
If you meant to connect to just some ip network at the server, use that
as right/leftsubnet and exclude it from NAT in virtual_private.

Paul
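
The three outcomes described in the reply above, written out as server-side ipsec.conf variants. This is an added example, not part of the original message: 192.168.50.0/24 is a constructed LAN range, the conn names are hypothetical, and the rightsubnet=vhost line is an assumption about how virtual_private is put to use for NATed clients.

```conf
# Server-side ipsec.conf sketch (added example). Load ONE of the conns.
# Certificate, id, pfs and keyingtries lines from the original conn are
# unchanged and left out here. 213.9.x.x is redacted as in the thread.
config setup
    nat_traversal=yes
    # Private ranges a NATed client may present as its own address.
    # The "!" entry excludes the server-side LAN (constructed value) so
    # a client address can never overlap the network behind the server.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.50.0/24

# Variant A: ALL client traffic goes through the server.
# Matches a client that keeps "rightsubnet=*".
conn windows-all
    auto=add
    left=213.9.x.x
    leftsubnet=0.0.0.0/0
    right=%any
    # Assumption: accept a NATed client whose inner address is
    # inside virtual_private.
    rightsubnet=vhost:%no,%priv

# Variant B: tunnel to the server's single IP only.
# No leftsubnet here, so the client must REMOVE its rightsubnet line.
conn windows-host
    auto=add
    left=213.9.x.x
    right=%any
    rightsubnet=vhost:%no,%priv

# Variant C: reach one network behind the server.
# The client names the same network as its rightsubnet, and that
# network is the one excluded with "!" in virtual_private above.
conn windows-lan
    auto=add
    left=213.9.x.x
    leftsubnet=192.168.50.0/24
    right=%any
    rightsubnet=vhost:%no,%priv
```

Whichever variant is used, the server's leftsubnet and the client's rightsubnet must describe the same traffic, otherwise the two ends propose different tunnels and negotiation fails.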