[Openswan Users] FC3 VPN server behind NAT not working... HELP....
Jacco de Leeuw
jacco2 at dds.nl
Fri May 6 14:57:55 CEST 2005
Deepak Naidu wrote:
> I have configured Openswan 2.3.1 (which includes NAT
> patch) and also patched a NAT patch for VPN server
> running behind NAT
>
> Server Openswan 2.3.1 on FC3
> Client winxp with sp2 using l2tpd/ppp connection,
>
> Ports 500, 4500 and 1701 are natted to my VPN server
> from the gateway.
Never forward L2TP (UDP 1701) to an internal VPN server! It is unsafe.
L2TP is plain text: it should only be accessible through a VPN tunnel.
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
You may need to exclude your internal subnet here. Add the following:
... ,%v4:!192.168.2.0/24
> conn roadwarrior
> left=202.149.x.x
I understand that you found out yourself that you needed to use
the private IP address of Openswan's interface here, not the
public IP address of the NAT router.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
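
The two configuration points in the reply above can be checked mechanically. The following is an added example, not part of the original message or of Openswan: it takes 192.168.2.0/24 from the reply as the server's own LAN, and the function names and the host addresses passed to `left_is_lan_address` are constructed for illustration.

```python
import ipaddress

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item.startswith("%v4:"):
            continue  # only %v4: entries are handled in this example
        spec = item[len("%v4:"):]
        if spec.startswith("!"):
            excluded.append(ipaddress.ip_network(spec[1:]))
        else:
            allowed.append(ipaddress.ip_network(spec))
    return allowed, excluded

def lan_needs_exclusion(value, lan):
    """True when the server's own LAN falls inside an allowed client range
    and no %v4:! entry carves it out again."""
    lan = ipaddress.ip_network(lan)
    allowed, excluded = parse_virtual_private(value)
    inside = any(lan.overlaps(net) for net in allowed)
    carved_out = any(lan.subnet_of(net) for net in excluded)
    return inside and not carved_out

def left_is_lan_address(left, lan):
    """True/False when left= is a literal address inside/outside the LAN;
    None when it is not a literal address (e.g. %defaultroute)."""
    try:
        addr = ipaddress.ip_address(left)
    except ValueError:
        return None
    return addr in ipaddress.ip_network(lan)

# virtual_private value as quoted in the message; LAN taken from the reply.
ORIGINAL = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16"
CORRECTED = ORIGINAL + ",%v4:!192.168.2.0/24"
LAN = "192.168.2.0/24"

if __name__ == "__main__":
    print("original needs exclusion: ", lan_needs_exclusion(ORIGINAL, LAN))
    print("corrected needs exclusion:", lan_needs_exclusion(CORRECTED, LAN))
    # Constructed addresses: a host on the LAN and a documentation-range address.
    print("left=192.168.2.10 on LAN: ", left_is_lan_address("192.168.2.10", LAN))
    print("left=203.0.113.10 on LAN: ", left_is_lan_address("203.0.113.10", LAN))
```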