[Openswan Users] NAT traversal on Openswan

Tejas Jin txjin at intelliepi.com
Wed Aug 29 20:58:34 EDT 2007


I am trying to figure out how to set up a Linux road warrior with a
Linux Openswan gateway. The road warrior will be behind a NAT
firewall. I'm not exactly sure what to give the road warrior as far as
leftip address and leftsubnet, or whether I want to.
I'm really confused as to whether the right and left switch between the
2 computers in the configuration page.
I would like the road warrior computer to be able to connect to the
remote network through a NAT firewall and also be able to connect to the
local network that it is on.
I'm using CentOS 4 on both the Road Warrior and the Gateway with kernel
2.6.9-42.0.2 and openswan-2.4.4-1.i386.rpm.

I also have a road warrior with CentOS 5 but I am going to have to wait 
until next week to work on that.

----------------------------------------------------------------------------
ipsec.conf (firewall)

config setup
       nat_traversal=yes


conn office
        keyexchange=ike
        esp=3des-md5
        ike=3des-md5
        authby=secret
        pfs=yes
        keylife=3600
        left=<firewallIP>
        leftsubnet=192.168.1.0/24
        leftsourceip=192.168.1.1
        leftnexthop=%defaultroute
        leftid=@firewall
        right=%any
        rightsubnet=10.10.2.0/24
        rightnexthop=%defaultroute
        rightid=@warrior



ipsec.secrets
: PSK "mysecretkey"
-------------------------------------------------------------------
ipsec.conf (warrior)

config setup
       nat_traversal=yes


conn office
        keyexchange=ike
        esp=3des-md5
        ike=3des-md5
        authby=secret
        pfs=yes
        keylife=3600
        right=<firewallIP>
        rightsubnet=192.168.1.0/24
        rightsourceip=192.168.1.1
        rightnexthop=%defaultroute
        rightid=@firewall
        left=%defaultroute
        #leftsubnet=10.10.2.0/24
        #rightnexthop=%defaultroute
        leftid=@warrior
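
Added example, not part of the original post: a small Python check that reads the two conn sections above (abridged to the keys it compares), renames left/right to local/remote on each end, and lists the settings where the two ends describe the tunnel differently. Which end is local is passed in by id, which is an assumption of this example, and the function names are hypothetical.

```python
# Added example: sample text abridged from the post; local_id is an assumption.
GATEWAY = """
conn office
        esp=3des-md5
        ike=3des-md5
        leftsubnet=192.168.1.0/24
        leftid=@firewall
        rightsubnet=10.10.2.0/24
        rightid=@warrior
"""
WARRIOR = """
conn office
        esp=3des-md5
        ike=3des-md5
        rightsubnet=192.168.1.0/24
        rightid=@firewall
        #leftsubnet=10.10.2.0/24
        leftid=@warrior
"""
SHARED = ("esp", "ike")       # must be identical on both ends
PER_END = ("id", "subnet")    # compared after left/right are oriented

def parse(text):
    """Return key -> value for one conn section, skipping comment lines."""
    opts = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith(("#", "conn ")) and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def orient(opts, local_id):
    """Rename left*/right* to local*/remote*, using the id the caller says is local."""
    local = "left" if opts.get("leftid") == local_id else "right"
    remote = "right" if local == "left" else "left"
    view = {k: opts.get(k) for k in SHARED}
    for name in PER_END:
        view["local" + name] = opts.get(local + name)
        view["remote" + name] = opts.get(remote + name)
    return view

def mismatches(a, b):
    """List (key on a, a's value, b's value) where the two ends disagree."""
    pairs = [(k, k) for k in SHARED]
    for n in PER_END:
        pairs += [("local" + n, "remote" + n), ("remote" + n, "local" + n)]
    return [(ka, a[ka], b[kb]) for ka, kb in pairs if a[ka] != b[kb]]

REPORT = mismatches(orient(parse(GATEWAY), "@firewall"), orient(parse(WARRIOR), "@warrior"))
```

On the two files as posted it reports one difference: the gateway's rightsubnet=10.10.2.0/24 has no counterpart on the warrior, where leftsubnet is commented out.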



