[Openswan Users] openswan ipsec VPN
Paul Wouters
paul at xelerance.com
Mon Oct 31 21:07:58 CET 2005
On Mon, 31 Oct 2005, Nick Woolley wrote:
> The logs say absolutely nothing when I try and connect to Openswan from
> behind a NAT (the server is also behind a NAT). Connect to the server on a
> local area network and it works fine. Locally the logs show up with no
> errors.
>
> However, even with the Bernd's patch installed to make an Openswan server
> work behind a NAT (downloaded from Jacco de Leeuw's site, for Openswan
> version 2.4.2), ports 4500 and 500 UDP forwarded to the server, and a
> connection from behind a NAT on the other side, nothing actually happens. I
> don't even get any TCP activity when I do a tcpdump on the server.
You shouldn't see any tcp? port 4500 and 500 use udp only.
> It all suggests that I am not able to connect to an Openswan server behind a
> NAT using Windows XP - but I thought this was all possible with the XP SP2
> patch and the Openswan patch? The fact I get absolutely no network traffic
> puzzles me, and seems to suggest I haven't set up port forwarding correctly
> (but that isn't true as 8080 and 22 all go through ok) - hence my question
> regarding VPN pass through routers.
disable ipsec passthrough. If you cannot turn it off, throw NAT router away.
There is no alternative.
> I applied the tips from Jacco de Leeuw that he kindly gave on Saturday, but
> I still get no traffic with tcpdump. Is there something else I have to
> configure other that Bernd's patch to make an OPenswan server work behind a
> NAT?
Not that I can think of.
Paul
More information about the Users
mailing list