[Openswan Users] OpenSwan behind a NAT
Paul Wouters
paul at xelerance.com
Fri Mar 7 05:52:18 EST 2008
On Fri, 7 Mar 2008, Daniel Bautista wrote:
> We had a previous working configuration (when there was no NAT) like this:
> left=197.221.84.68
> leftsubnet=10.36.3.0/24
> right=82.61.111.246
> rightsubnet=10.36.30.0/24
> It worked because A and B weren't behind a NAT. But now we want to put B
> behind a NAT, this way:
> B: (eth0: 10.36.30.7 - no eth0:0 - default gw 10.36.30.3)
> router/NAT: (private 10.36.30.3 - public 82.61.105.87)
Your milage may vary, because now you need to have a left= that is part
of leftsubnet=. I've heard different stories about the success of such a
setup.
> What is the best configuration for this? Do we have to use the nat_traversal
> option? Do we have to redirect udp ports 500 and 4500 in the router to
> 10.36.30.7? It seems the router has a NATT option, should we have to use it?
use nat_traversal and virtual_private. Disable all IPsec options on the
router. if you cannot disable all the options on the router, invest $60 in
a linksys.
> OpenSwan 2.4.3
That's a retracted version of Openswan. It existed for 4 days between
Nov 14-18 2005 before a new security release 2.4.4 was made. You should
not be running it. Upgrade to 2.4.12.
Paul
More information about the Users
mailing list