[Openswan Users] static nat on tunnel ipsec {Scanned for Viruses and Spam}

fran ursala at samtek.es
Wed Mar 23 14:26:30 CET 2005


Sorry for my English.

I have a Fedora Core 2 with FreeS/WAN 2.06, and I do static NAT in a VPN tunnel.

With this type of configuration (doing static NAT) I have another two VPN tunnels that work correctly:
one tunnel against a Cisco VPN, and another one against a Nortel VPN, and both have worked for 6 months. For them
(Cisco VPN or Nortel VPN) my GW is my public IP ( , and they know nothing about my real GW VPN (,
they don't need it.

But when the tunnel is against a FreeS/WAN VPN server a problem appears, because it seems that GW B reads my ipsec.conf file and
reads: left=, but in its ipsec.conf that doesn't exist, and only right= exists

Summarizing: VPN B only sees the public IP ( so in its ipsec.conf: right=, but when IKE negotiation occurs
server A communicates it (instead of and no IKE negotiation occurs:

Mar 15 09:48:38 fwint Pluto[7678]: "monteftp" #2: max number of retransmissions (2) reached STATE_MAIN_R2 
Mar 15 09:48:39 fwint Pluto[7678]: "monteftp" #4: responding to Main Mode 
Mar 15 09:48:41 fwint Pluto[7678]: "monteftp" #4: no suitable connection for peer '' 


Gateway VPN (this is my tunnel GW VPN, but it is a private IP, so to travel through the Internet I must static NAT it to a public IP:

FIREWALL:         do source static nat to transform the private to a public  ip:

my subnet :       
my GW VPN:(GW A)             | 
       ||                                   |                    ||
static nated to                       |  
                                            |                    ||
                                            |                (tunnel)
                                            |                    ||
the other GW VPN:                |  
       GW B                                     |
the other subnet:

If static NAT works with Cisco and Nortel VPNs, why doesn't it work with another FreeS/WAN?
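
The mismatch described in this post, as an added example that is not part of the original message: it compares the ID reported in Pluto's "no suitable connection for peer" line with what GW B's conn accepts for the remote end (rightid, or the right= address when rightid is unset). The addresses, the GW_B_CONNS dictionary and the function names are constructed for illustration, since the real addresses are missing from the page.

```python
import re

# Constructed sample input. 192.0.2.10 stands for the public (NATed) IP of
# GW A and 10.0.0.2 for its private IP; both are placeholders, not values
# from the post. GW_B_CONNS mimics the relevant part of GW B's ipsec.conf.
GW_B_CONNS = {"monteftp": {"right": "192.0.2.10"}}
PLUTO_LOG = """\
Mar 15 09:48:39 fwint Pluto[7678]: "monteftp" #4: responding to Main Mode
Mar 15 09:48:41 fwint Pluto[7678]: "monteftp" #4: no suitable connection for peer '10.0.0.2'
"""

# Matches the rejection line and captures the conn name and the ID the peer sent.
REJECT = re.compile(
    r"\"(?P<conn>[^\"]+)\" #\d+: no suitable connection for peer '(?P<peer_id>[^']*)'")

def expected_id(conn):
    """ID the conn accepts from the remote end: rightid, else the right= address."""
    return conn.get("rightid") or conn["right"]

def find_id_mismatches(log_text, conns):
    """Return one finding per rejected Main Mode ID found in the log."""
    findings = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue
        name, peer_id = m.group("conn"), m.group("peer_id")
        conn = conns.get(name)
        if conn is None:
            continue  # the log names a conn we have no configuration for
        want = expected_id(conn)
        findings.append({
            "conn": name,
            "peer_sent": peer_id or "(empty)",  # ID missing from the log line
            "configured": want,
            "mismatch": peer_id != want,
        })
    return findings

if __name__ == "__main__":
    for finding in find_id_mismatches(PLUTO_LOG, GW_B_CONNS):
        print(finding)
```

In ipsec.conf the identities compared here are set with leftid= and rightid=, which default to the left= and right= addresses when omitted.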
