[Openswan Users] Help with vpn Client Through-NAT

Paul Wouters paul at xelerance.com
Sun Sep 3 16:37:23 EDT 2006


On Sun, 3 Sep 2006, Michael Williamson wrote:

> My VPN server (at work) is a linksys router (model RV042).  It is the primary
> router/NAT for work's private subnet 192.168.0.0/24 and the internet.  I can
> configure the tunnel for the router (up to 50 of them), and my best/only VPN
> option at the moment appears to be an IPSEC tunnel using pre-shared keys.  I
> have no idea what OS the linksys router is using, I can only fool with the web
> forms to configure it.

Ah ok. So you need to keep using authby=secret.

> The commands and config file I sent you were all from the client.  The "left"
> was the client side, and according to the only wiki entry I could find about
> this:
>
> http://wiki.openswan.org/index.php/Openswan/NatTraversal

That page is very wrong. Please ignore it.

> my client is following the pattern suggested in the "mynatconn" configuration
> except for the rightnexthop (which I don't know and set as %defaultroute).
> The example in the wiki appears to be contrary to your comments about left and
> leftnexthop being in the same subnet as leftsubnet.  I guess I need to do some
> more reading....

Leave out the leftsubnet completely. The rightnexthop won't matter, since it is
the config part of the other end, which is not being used.

I still believe that your udp 500 packets are being lost though, since the
very first ipsec packet you sent is lost and retransmitted. You can try and
confirm that by stopping openswan and doing an 'ikeping' to the remote server.

Paul
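
A client-side ipsec.conf along the lines of the advice in this message, as an added example that is not part of the original post or the poster's actual configuration. The connection name and the router's public address (a documentation placeholder) are assumptions; only the 192.168.0.0/24 subnet and authby=secret come from the thread.

```conf
# /etc/ipsec.conf on the client (constructed example)
version 2.0

config setup
    # The client sits behind a NAT device, so NAT traversal must be on
    nat_traversal=yes

conn work
    # left is this client; take its address from the default route
    left=%defaultroute
    # No leftsubnet line: the client is a single host, not a gateway
    # for a network of its own.
    # No rightnexthop line either: it describes the far end's routing
    # and is not used on this side.

    # right is the RV042's public address (placeholder, replace it)
    right=203.0.113.10
    # The private network behind the router, as given in the thread
    rightsubnet=192.168.0.0/24

    # The router only offers pre-shared keys; the key itself belongs in
    # /etc/ipsec.secrets, not in this file
    authby=secret
    auto=add
```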

