[Openswan Users] NAT traversal on Openswan
Tejas Jin
txjin at intelliepi.com
Wed Aug 29 20:58:34 EDT 2007

I am trying to figure out how to set up a Linux road warrior with a
Linux Openswan gateway. The road warrior will be behind a NAT
firewall. I'm not exactly sure what to give the road
warrior as far as leftip address and leftsubnet. Or whether I want to.
I'm really confused as to whether the right and left switch between the
2 computers in the configuration page.

I would like the road warrior computer to be able to connect to the
remote network through a NAT firewall and also be able to connect to the
local network that it is on.

I'm using CentOS 4 on both the Road Warrior and the Gateway with kernel
2.6.9-42.0.2 and
openswan-2.4.4-1.i386.rpm.

I also have a road warrior with CentOS 5 but I am going to have to wait
until next week to work on that.

----------------------------------------------------------------------------
ipsec.conf (firewall)

config setup
    nat_traversal=yes

conn office
    keyexchange=ike
    esp=3des-md5
    ike=3des-md5
    authby=secret
    pfs=yes
    keylife=3600
    left=<firewallIP>
    leftsubnet=192.168.1.0/24
    leftsourceip=192.168.1.1
    leftnexthop=%defaultroute
    leftid=@firewall
    right=%any
    rightsubnet=10.10.2.0/24
    rightnexthop=%defaultroute
    rightid=@warrior

ipsec.secrets
: PSK "mysecretkey"
-------------------------------------------------------------------
ipsec.conf (warrior)

config setup
    nat_traversal=yes

conn office
    keyexchange=ike
    esp=3des-md5
    ike=3des-md5
    authby=secret
    pfs=yes
    keylife=3600
    right=<firewallIP>
    rightsubnet=192.168.1.0/24
    rightsourceip=192.168.1.1
    rightnexthop=%defaultroute
    rightid=@firewall
    left=%defaultroute
    #leftsubnet=10.10.2.0/24
    #rightnexthop=%defaultroute
    leftid=@warrior