[Openswan Users] Tunnel to Cisco w/private ip

Paul Wouters paul at xelerance.com
Thu Sep 14 21:34:12 EDT 2006


On Thu, 14 Sep 2006, Eyal Marantenboim wrote:

> My peer is a Linux 2.6 running openswan with public ip.

So what are you? I am confused.

> My internal network is 10.1.1.0/24 but the client wants me to nat it
> using 192.168.50.51
>
> I’m trying to connect to a client who uses Cisco concentrator behind NAT
> (192.168.65.10).

I take it that box connects to you and not you to him, since he is behind
NAT?

> The connection works fine. On both sides we see the tunnel up. The only
> problem is that no traffic is going through.
>
> Using tcpdump I see that the traffic is not being encrypted. It’s going
> through my external interface (eth1) but it’s not going through the
> tunnel.

You are using netkey i think and then you cannot see if the traffic is
encrypted or not. It is most likely encrypted.

> Is there a way that instead of using iptables POSTROUTING to nat my
> private network, to use something else?

Make sure to NAT with a \! -d rule to exclude NAT from packets that will
go through an ipsec tunnel.

> This is my config:
>
> conn tw2
>         type=tunnel
>         authby=secret
>         right=mypublicip
>         rightnexthop=myrouter
>         auto=start
>         left=client’spublicip
>         leftid=192.168.65.10
>         leftsubnet=ip I’m trying to hit/32
>         pfs=no

You can't do this. You have to use auto=add, and let the other end
initiate to you.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
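The interaction Paul is pointing at, traced in code: on a NETKEY host the IPsec policy decision is effectively taken on the addresses the packet has after POSTROUTING NAT, so a blanket SNAT of 10.1.1.0/24 rewrites the source to the public address before the policy lookup, nothing in the SPD matches, and the packet leaves eth1 in the clear. The example below is added here and is not code from the post or from Openswan. It keeps the values the post gives (10.1.1.0/24, 192.168.50.51, eth1) and assumes stand-ins for the ones it elides: 198.51.100.10 for "mypublicip", 172.16.9.10/32 for the "ip I'm trying to hit", 203.0.113.80 as an arbitrary Internet destination, and that the Openswan side would carry rightsubnet=192.168.50.51/32 so the NATed address is what the tunnel selector covers.

```python
"""Trace a LAN packet through iptables POSTROUTING NAT and then the IPsec
policy (SPD) lookup, to show why a blanket SNAT keeps tunnel traffic out of
the tunnel and why a `! -d <remote>` exclusion fixes it.

Added example for this thread, not code from the original post or from
Openswan.  Values marked ASSUMED stand in for details the post elides."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

LAN = "10.1.1.0/24"             # from the post
NAT_ID = "192.168.50.51"        # address the client wants the LAN seen as (from the post)
OUT_IFACE = "eth1"              # external interface named in the post
PUBLIC_IP = "198.51.100.10"     # ASSUMED stand-in for "mypublicip"
REMOTE_HOST = "172.16.9.10/32"  # ASSUMED stand-in for the elided leftsubnet


@dataclass
class NatRule:
    """One `iptables -t nat -A POSTROUTING` rule; dst_negate models `! -d`."""
    src: Optional[str] = None
    dst: Optional[str] = None
    dst_negate: bool = False
    out_iface: Optional[str] = None
    snat_to: Optional[str] = None  # -j SNAT --to-source (MASQUERADE behaves the same here)

    def matches(self, pkt: Dict[str, str]) -> bool:
        if self.src and ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if self.dst:
            in_dst = ip_address(pkt["dst"]) in ip_network(self.dst)
            if in_dst == self.dst_negate:  # `-d` needs True, `! -d` needs False
                return False
        if self.out_iface and pkt["oif"] != self.out_iface:
            return False
        return True

    def render(self) -> str:
        """The same rule in iptables syntax, for a firewall script."""
        parts = ["iptables", "-t", "nat", "-A", "POSTROUTING"]
        if self.src:
            parts += ["-s", self.src]
        if self.dst:
            parts += (["!"] if self.dst_negate else []) + ["-d", self.dst]
        if self.out_iface:
            parts += ["-o", self.out_iface]
        return " ".join(parts + ["-j", "SNAT", "--to-source", str(self.snat_to)])


@dataclass
class SpdEntry:
    """Outbound policy selector, i.e. Openswan's rightsubnet -> leftsubnet."""
    local: str
    remote: str


def postrouting(pkt: Dict[str, str], rules: List[NatRule]) -> Dict[str, str]:
    """First matching rule with a NAT target terminates the chain."""
    for rule in rules:
        if rule.snat_to and rule.matches(pkt):
            return {**pkt, "src": rule.snat_to}
    return dict(pkt)


def xfrm_lookup(pkt: Dict[str, str], spd: List[SpdEntry]) -> str:
    """Policy lookup on the post-NAT packet: 'esp' if a selector matches, else 'clear'."""
    for e in spd:
        if (ip_address(pkt["src"]) in ip_network(e.local)
                and ip_address(pkt["dst"]) in ip_network(e.remote)):
            return "esp"
    return "clear"


def trace(pkt: Dict[str, str], rules: List[NatRule], spd: List[SpdEntry]) -> Tuple[str, str]:
    """Return (source address on the wire, 'esp' or 'clear') for one packet."""
    after = postrouting(pkt, rules)
    return after["src"], xfrm_lookup(after, spd)


# ASSUMED: the conn would carry rightsubnet=192.168.50.51/32 to match the NATed source.
SPD = [SpdEntry(local=NAT_ID + "/32", remote=REMOTE_HOST)]

# What the poster most likely has: one SNAT/MASQUERADE rule for everything leaving eth1.
BLANKET_NAT = [NatRule(src=LAN, out_iface=OUT_IFACE, snat_to=PUBLIC_IP)]

# Paul's fix: map tunnel-bound traffic to 192.168.50.51 and exclude it (`! -d`)
# from the general Internet NAT.  Order matters: the first SNAT match wins.
TUNNEL_AWARE_NAT = [
    NatRule(src=LAN, dst=REMOTE_HOST, snat_to=NAT_ID),
    NatRule(src=LAN, dst=REMOTE_HOST, dst_negate=True, out_iface=OUT_IFACE, snat_to=PUBLIC_IP),
]


def demo() -> Dict[str, Tuple[str, str]]:
    """Constructed packets: one for the client's host, one for the Internet (ASSUMED 203.0.113.80)."""
    to_client = {"src": "10.1.1.7", "dst": REMOTE_HOST.split("/")[0], "oif": OUT_IFACE}
    to_internet = {"src": "10.1.1.7", "dst": "203.0.113.80", "oif": OUT_IFACE}
    return {
        "blanket/client": trace(to_client, BLANKET_NAT, SPD),      # ('198.51.100.10', 'clear')
        "aware/client": trace(to_client, TUNNEL_AWARE_NAT, SPD),   # ('192.168.50.51', 'esp')
        "aware/internet": trace(to_internet, TUNNEL_AWARE_NAT, SPD),  # ('198.51.100.10', 'clear')
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
    for rule in TUNNEL_AWARE_NAT:
        print(rule.render())
```

Running it shows the blanket rule turning 10.1.1.7 into the public address and the packet going out "clear", while the ordered pair rewrites tunnel-bound packets to 192.168.50.51 (the address the client expects inside the tunnel) and leaves everything else on the normal Internet NAT. The second rule's `render()` output is the `! -d` rule from Paul's reply; the first one only exists because this particular client asked for the LAN to appear as 192.168.50.51. None of this changes Paul's other point: with the Cisco side behind NAT, the conn still needs auto=add and the remote end has to initiate.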
