[Openswan Users] Host-To-Host over NAT
Lipinski, Steven L (Steve)
lipinski at alcatel-lucent.com
Wed Apr 8 14:38:06 EDT 2009
I'm trying to configure two systems (both running Openswan on RedHat) to
establish an IPSec tunnel. This is strictly a host-to-host connection,
and I believe I need to use transport mode (I don't believe tunnel mode
will work given our restrictions). The trick is that one or both hosts
may be behind a NAT device, and the mate host need not be configured
with the private IP Addressing information used behind the NAT device.
So, for example:
Host_A ------- Unsecure Network -------- NAT_Device -------------- Host_B
10.20.30.40                         50.60.70.80 192.168.0.1   192.168.0.2
|============================ Tunnel =============================|
The desire is to configure Host_A so that it is unaware of the
192.168.0.0/24 network; Host_B is fully aware of its connectivity
through NAT and is aware of the forwarding, etc.; and Host_A and Host_B
are the IPSec endpoints and not the NAT Device.
We configured forwarding on the NAT Device so it forwards all UDP/500
and UDP/4500 traffic to Host_B. Note, however, that the tunnel needs to
be able to be initiated from either side... So, a standard road-warrior
configuration won't work.
Is this possible with Openswan? We have tried numerous things to no
avail...