[Openswan Users] NAT traversal on Openswan
Tejas Jin
txjin at intelliepi.com
Fri Aug 31 16:04:12 EDT 2007
192.168.3.0/24===75.107.111.99[@firewall]...76.184.110.195[@warrior]===192.168.1.232/32

It works now, imagine that. The only difference was that I set up
virtual_private=%v4:192.168.1.0/24 instead of
virtual_private=192.168.1.0/24

Ahhh, like pinging a computer for the first time.

ipsec.secrets [on both]
---------------------------------------------------
: PSK "whatevermysecretis"

ipsec.conf [firewall]
-----------------------------------------------------------------
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    virtual_private=%v4:192.168.1.0/24
    nat_traversal=yes

conn office
    keyexchange=ike
    esp=3des-md5
    ike=3des-md5
    authby=secret
    pfs=yes
    keylife=3600
    left=75.107.111.99
    leftsubnet=192.168.3.0/24
    leftsourceip=192.168.3.177
    leftnexthop=%defaultroute
    leftid=@firewall
    right=%any
    #rightsubnet=192.168.1.0/24
    rightsubnet=vhost:%priv,%no
    rightnexthop=%defaultroute
    rightid=@warrior

ipsec.conf [on warrior]
------------------------------------
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    nat_traversal=yes

conn office
    keyexchange=ike
    esp=3des-md5
    ike=3des-md5
    authby=secret
    pfs=yes
    keylife=3600
    right=75.107.111.99
    rightsubnet=192.168.3.0/24
    #rightsourceip=192.168.3.177
    rightnexthop=%defaultroute
    rightid=@firewall
    left=%defaultroute
    #leftsubnet=vhost:%priv,%no
    #rightnexthop=%defaultroute
    leftid=@warrior
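
Added example, not part of the original post: a small Python check for the mistake described above, where a virtual_private entry lacks the %v4: (or %v6:) prefix that the option's syntax requires, or where vhost:%priv is used with no virtual_private set. The function name lint_virtual_private and the sample texts are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample inputs modelled on the post's two virtual_private forms.
BROKEN = """config setup
    virtual_private=192.168.1.0/24
    nat_traversal=yes
conn office
    rightsubnet=vhost:%priv,%no
"""
FIXED = BROKEN.replace("virtual_private=", "virtual_private=%v4:")


def lint_virtual_private(conf_text):
    """Return a list of problems with virtual_private / vhost:%priv usage."""
    vp_value, uses_priv, problems = None, False, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue                              # section headers, blanks
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "virtual_private":
            vp_value = value.strip('"')
        elif key in ("leftsubnet", "rightsubnet") and "%priv" in value:
            uses_priv = True
    if vp_value is None:
        if uses_priv:
            problems.append("vhost:%priv is used but virtual_private is not set")
        return problems
    for entry in filter(None, (e.strip() for e in vp_value.split(","))):
        m = re.fullmatch(r"%v([46]):!?(.+)", entry)   # optional "!" excludes a net
        if not m:
            problems.append(f"{entry}: missing %v4: or %v6: prefix")
            continue
        try:
            net = ipaddress.ip_network(m.group(2), strict=True)
        except ValueError:
            problems.append(f"{entry}: not a valid network")
            continue
        if net.version != int(m.group(1)):
            problems.append(f"{entry}: prefix does not match address family")
    return problems


if __name__ == "__main__":
    for name, text in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, lint_virtual_private(text) or "ok")
```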