[Openswan Users] openswan ipsec VPN

Paul Wouters paul at xelerance.com
Mon Oct 31 21:07:58 CET 2005


On Mon, 31 Oct 2005, Nick Woolley wrote:

> The logs say absolutely nothing when I try and connect to Openswan from
> behind a NAT (the server is also behind a NAT).  Connect to the server on a
> local area network and it works fine.  Locally the logs show up with no
> errors.
>
> However, even with Bernd's patch installed to make an Openswan server
> work behind a NAT (downloaded from Jacco de Leeuw's site, for Openswan
> version 2.4.2), ports 4500 and 500 UDP forwarded to the server, and a
> connection from behind a NAT on the other side, nothing actually happens.  I
> don't even get any TCP activity when I do a tcpdump on the server.

You shouldn't see any TCP? Ports 4500 and 500 use UDP only.

> It all suggests that I am not able to connect to an Openswan server behind a
> NAT using Windows XP - but I thought this was all possible with the XP SP2
> patch and the Openswan patch?  The fact I get absolutely no network traffic
> puzzles me, and seems to suggest I haven't set up port forwarding correctly
> (but that isn't true as 8080 and 22 all go through ok) - hence my question
> regarding VPN pass through routers.

Disable IPsec passthrough. If you cannot turn it off, throw the NAT router away.
There is no alternative.

> I applied the tips from Jacco de Leeuw that he kindly gave on Saturday, but
> I still get no traffic with tcpdump.  Is there something else I have to
> configure other than Bernd's patch to make an Openswan server work behind a
> NAT?

Not that I can think of.

Paul

