[Openswan Users] openswan ipsec VPN
Jacco de Leeuw
jacco2 at dds.nl
Tue Nov 1 10:22:30 CET 2005
Paul Wouters wrote:
> On Mon, 31 Oct 2005, Nick Woolley wrote:
>
>>However, even with the Bernd's patch installed to make an Openswan server
>>work behind a NAT (downloaded from Jacco de Leeuw's site, for Openswan
>>version 2.4.2), ports 4500 and 500 UDP forwarded to the server, and a
>>connection from behind a NAT on the other side, nothing actually happens. I
>>don't even get any TCP activity when I do a tcpdump on the server.
>
> You shouldn't see any tcp? port 4500 and 500 use udp only.

Do you see UDP activity with tcpdump when you stop Openswan? (Also temporarily
disable any firewall rules you might have on the Linux server. You're behind a
NAT router).

If not, then you'll have to sniff the packets that leave the Windows client.
If these look all right, then the NAT router is to blame, as Paul suggested.

>>It all suggests that I am not able to connect to an Openswan server behind a
>>NAT using Windows XP - but I thought this was all possible with the XP SP2
>>patch and the Openswan patch? The fact I get absolutely no network traffic
>>puzzles me, and seems to suggest I haven't set up port forwarding correctly

The only other thing I can think of is that you are doing double NAT. You
could try again with a client that is not NATed (i.e. single NAT). For
instance, hook up the Windows client to an analog modem and dial in
directly to an ISP (just for testing purposes).

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
Mosquitos suck
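
An added example, not part of the original message or of Openswan: a small Python check for the test described above (stop Openswan, then see whether anything arrives on UDP 500 and 4500). It classifies each datagram as IKEv1 (RFC 2408 header), NAT-T keepalive or ESP-in-UDP (RFC 3948); the function names and the sample packet are constructed for illustration.

```python
import socket
import struct
import sys

# ISAKMP header, RFC 2408 section 3.1: cookies, next payload, version,
# exchange type, flags, message ID, total length (28 bytes).
ISAKMP_HDR = struct.Struct("!8s8sBBBB4sI")
EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}

def describe_ike(data):
    """Return a summary of an IKEv1 packet, or None if it does not parse."""
    if len(data) < ISAKMP_HDR.size:
        return None
    _ic, rcookie, _np, ver, xchg, _fl, _mid, length = ISAKMP_HDR.unpack_from(data)
    if ver >> 4 != 1 or length < ISAKMP_HDR.size:
        return None
    first = " (first packet, responder cookie empty)" if rcookie == bytes(8) else ""
    return "IKEv1 " + EXCHANGES.get(xchg, "exchange %d" % xchg) + first

def classify(port, payload):
    """Classify a UDP payload that arrived on port 500 or 4500."""
    if port == 4500:
        if payload == b"\xff":
            return "NAT-T keepalive"            # RFC 3948 section 2.3
        if payload[:4] != bytes(4):             # non-zero SPI means ESP
            return "ESP-in-UDP" if len(payload) > 8 else "unrecognised"
        payload = payload[4:]                   # strip the non-ESP marker
    return describe_ike(payload) or "unrecognised"

def listen(port):
    """Print every datagram reaching this port (run as root, Openswan stopped)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    while True:
        payload, (src, sport) = sock.recvfrom(65535)
        print("%s:%d -> udp/%d: %s" % (src, sport, port, classify(port, payload)))

# Constructed sample: the header of an initiator's first Main Mode packet.
SAMPLE_FIRST = ISAKMP_HDR.pack(b"\x11" * 8, bytes(8), 1, 0x10, 2, 0, bytes(4), 28)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        listen(int(sys.argv[1]))                # e.g. 500 or 4500
    else:
        print(classify(500, SAMPLE_FIRST))
        print(classify(4500, bytes(4) + SAMPLE_FIRST))
```

If the listener prints nothing on the server while the Windows client is trying to connect, the packets are being dropped before they reach the host, which points at the port forwarding or the NAT router rather than at Openswan.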