[Openswan Users] FW: Do vpn gateways work _behind_ NAT?

Sebastian Wild sw at cronon.org
Mon Apr 27 05:06:59 EDT 2009


I'm doing l2tp over ipsec using openswan and I can connect to my vpn gw
fine from everywhere. If I am at home I get natted twice before I get
out into the internet and it doesn't affect the vpn at all :)

If you want to be able to reach the subnets behind a vpn node you will
need to do the necessary routing on that node and on your client. My
vpn gw does masquerading via its lan interface so I can reach every box
behind it in that subnet. But I do need a route to the subnet on the
client too because without it the traffic to this subnet will be routed
via the default gateway!

maybe that helps you

cheers
Sebastian

Frank Wilson wrote:
> I'm resending this because it looks like my last message got messed up:
>
> Do openswan vpn gateways work when they are behind a NAT?
> E.g.
>
> 	{"peas", 192.168.1.2/24}
> 			|
> {192.168.1.1/24, "rice", 20.20.20.20/24}
> 			|
> 		{Internet}
> 			|
> {192.168.2.1/24, "mash", 20.20.20.21/24} 
> 			|
> 	{"bangers", 192.168.2.2/24}
>
> (for each NAT, the public interface/ip is on the right)
>
>
> If "rice" and "mash" provide NAT for their respective networks, can "peas"
> and "bangers" connect via an openswan ipsec tunnel? Can they put the rest of
> their respective subnets on the new vpn?
>
> I'm having real problems setting up a similar vpn, and I'm wondering whether
> I have totally misunderstood the capabilities of NAT-T.
>
> Thanks for your help,
>
> Frank


-- 

"We know the culprit, and we have to let him go. Have a nice day, murderer!" (Derrick)

Cronon AG
Server Technology/Administration
------------------------------------------------------------------------------------
Phone: + 49 (0)941 - 59 90 - 209
Fax: + 49 (0)941 - 59 90 - 9209
Server technology (central): +49 (0)941 - 59 90 - 610
E-Mail:    sw at cronon.org
Website: http://www.cronon.org
------------------------------------------------------------------------------------
Cronon AG
Regensburg branch
Obermünsterstraße 9
93047 Regensburg
------------------------------------------------------------------------------------
Chairman of the Supervisory Board: Damian Schmidt
Management Board: Florian Heinz, Viktor Hinterleitner,
Christian Mueller, Wolfgang von Hardenberg
District Court (Amtsgericht) Berlin-Charlottenburg, HRB 77957
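
The routing point made in the reply above, as an added example that is not part of the original thread: a longest-prefix-match lookup over a client routing table, using the subnets from the diagram in the quoted question. The interface names (`eth0`, `ppp0`), the assumption that the L2TP link appears as `ppp0` on "peas", and all helper names are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

class Route(NamedTuple):
    network: ipaddress.IPv4Network
    gateway: Optional[str]   # None = on-link / point-to-point
    device: str

def route(net: str, gateway: Optional[str], device: str) -> Route:
    return Route(ipaddress.ip_network(net), gateway, device)

def lookup(table: list, destination: str) -> Route:
    """Return the most specific route covering destination (longest prefix match)."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in table if addr in r.network]
    if not candidates:
        raise LookupError(f"no route to {destination}")
    return max(candidates, key=lambda r: r.network.prefixlen)

def missing_tunnel_routes(table: list, remote_subnets: list, tunnel_dev: str) -> list:
    """List remote subnets whose traffic would not leave through tunnel_dev."""
    missing = []
    for subnet in remote_subnets:
        net = ipaddress.ip_network(subnet)
        # Probe the first and last address of the subnet.
        for probe in (net.network_address, net.broadcast_address):
            try:
                dev = lookup(table, str(probe)).device
            except LookupError:
                dev = None
            if dev != tunnel_dev:
                missing.append(subnet)
                break
    return missing

# Constructed routing table for "peas" (192.168.1.2) with the VPN link up on a
# hypothetical ppp0, before a route to the remote LAN has been added.
BEFORE = [
    route("192.168.1.0/24", None, "eth0"),
    route("0.0.0.0/0", "192.168.1.1", "eth0"),   # default gateway "rice"
]
# Same table after adding a route for the subnet behind "mash" via the tunnel.
AFTER = BEFORE + [route("192.168.2.0/24", None, "ppp0")]

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        r = lookup(table, "192.168.2.2")   # "bangers"
        print(f"{name}: 192.168.2.2 -> dev {r.device} via {r.gateway or 'link'}")
        print("  subnets bypassing the tunnel:",
              missing_tunnel_routes(table, ["192.168.2.0/24"], "ppp0"))
```
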

