[Openswan Users] Re: need help related to DPD

Paul Wouters paul at xelerance.com
Sat Mar 25 18:50:28 CET 2006

On Sat, 25 Mar 2006, utkarsh shah wrote:

>     but actually I would like to know what is the use of eroute putting it in
> %hold status or when will it be put in normal status.

hold means: any packet for the destination of the tunnel will NOT be sent in
the clear. If the tunnel is cleared, it means packets for the IP range that
used to be at the other end of the tunnel will be sent via normal routing in
the clear.

>     and related to connection type I have specified proper connection type
>     I use Linux Openswan U2.4.4/K2.4.5rc4 (klips) version and config is like
>         conn test
>             type=transport
>             left=
>             leftnexthop=
>     and at other side
>         conn sanket_net
>             type=tunnel
>             left=
>             leftnexthop=
>     we don't require nat-t support.

The conflicting type= settings should not work. This is a bug that will be fixed,
so do not use it.

>     and can you suggest me configuration for a net-to-net scenario where one
> or both of server have private ip or both of them are behind NAT-Box.

You need to enable nat_traversal, set virtual_private accordingly, and add
rightsubnet=vhost:%no,%priv to the 'server' side. Having both behind nat
complicates things further by needing port forwards, and is really a poor
way of setting up a vpn. Try to avoid it if possible.
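
The settings named in the reply above, laid out as an added ipsec.conf sketch for the case where only one end is behind NAT (not part of the original message). The conn names are hypothetical, all addresses are documentation placeholders, the virtual_private ranges are assumed to be the RFC 1918 blocks, and authentication settings are left to the existing setup.

```conf
# ---- /etc/ipsec.conf on the publicly reachable 'server' side ----
version 2.0

config setup
    # Enable NAT traversal so a peer behind a NAT box can connect
    nat_traversal=yes
    # Private ranges a NATed peer is allowed to present (assumed: RFC 1918)
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn natted-peer
    # Use the same type= on both ends; mixing transport and tunnel is the
    # conflicting configuration the reply says not to use
    type=tunnel
    # Placeholder public address and gateway of this server
    left=203.0.113.10
    leftnexthop=203.0.113.1
    # Peer address is not known in advance because it sits behind NAT
    right=%any
    # Accept the peer directly (%no) or from a virtual_private range (%priv)
    rightsubnet=vhost:%no,%priv
    auto=add

# ---- /etc/ipsec.conf on the end behind the NAT box ----
version 2.0

config setup
    nat_traversal=yes

conn to-server
    type=tunnel
    # Private address taken from the default route interface
    left=%defaultroute
    # Placeholder public address of the server above
    right=203.0.113.10
    auto=start
```

With both ends behind NAT, the reply notes that port forwards are needed in addition to this; the sketch does not cover that case.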

