[Openswan Users] Openswan -> openswan two host behind NAT problem - Solved

Paul Wouters paul at xelerance.com
Fri Sep 19 18:51:54 EDT 2008

On Sat, 20 Sep 2008, Steve Kieu wrote:

> Hi, I solved the problem myself by looking at the wiki. It is not actually
> clearly documented on the man page that the right should be the publicly
> accessible IP of the left rather than the VPN endpoints. Also, the man
> page does not give an example of such a setup, otherwise I would not have
> lost nearly 5 hours figuring it out. :-)

You're right. Sorry. I've just added a few lines explaining this to the
man page section on the left= parameter:

If using IP addresses in combination with NAT, always use the actual
local machine's (NAT'ed) IP address, and if the remote (eg right=)
is NAT'ed as well, the remote's public (not NAT'ed) IP address. Note
that this makes the configuration no longer symmetrical on both sides,
so you cannot use an identical configuration file on both.

> But openswan is really, much better than racoon in my experience.
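
The asymmetry described in the man page text above, written out as the two ipsec.conf files. This is an added example, not part of the original thread or the Openswan documentation. All addresses, the connection name and the IDs are constructed; it assumes PSK authentication and that UDP 500/4500 is forwarded to the host on at least one side.

```conf
# ---- /etc/ipsec.conf on host A (constructed example) ----
# Host A: private address 192.168.1.10, its NAT gateway's public address 192.0.2.10
# Host B: private address 10.0.0.20,   its NAT gateway's public address 198.51.100.20

config setup
        nat_traversal=yes          # NAT-T, needed when either end is behind NAT

conn a-to-b
        left=192.168.1.10          # A's own NAT'ed address as configured on the machine
        leftid=@hosta.example      # explicit ID: the IP A uses locally is not the one B sees
        right=198.51.100.20        # B's PUBLIC address, not 10.0.0.20
        rightid=@hostb.example
        authby=secret
        auto=start

# ---- /etc/ipsec.conf on host B (constructed example) ----
# Not a copy of A's file: each side lists its own private address as left=
# and the peer's public address as right=.

config setup
        nat_traversal=yes

conn a-to-b
        left=10.0.0.20             # B's own NAT'ed address as configured on the machine
        leftid=@hostb.example
        right=192.0.2.10           # A's PUBLIC address, not 192.168.1.10
        rightid=@hosta.example
        authby=secret
        auto=add                   # B waits for A to initiate (assumption for this example)
```

The explicit leftid/rightid values are an assumption of this example: without them each side defaults its ID to an IP address, and behind NAT the address a host sends as its own ID is not the address its peer has configured for it.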


