[Openswan Users] About openswan nat detection

Zhiping Liu flyingzpl at gmail.com
Fri Jan 8 00:22:06 EST 2010

Hi list...

I have two linux box(openswan 2.6.23,kernel,both behind
firewall(this might be a problem?),i used these two to build  a
network-to-network connection.
it seems that the ipsec tuunel is up,route is set.but if i ping from one box
to another,no icmp result !

I set nat_traversal=yes in /etc/ipsec.conf,when i start up a connection use

ipsec auto --up CONNECTION

it says:

NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negotiation.

But the two linux box is really behind a firewall,i don't know why openswan
say "Only 0 NAT-D",anyone knows what mechanism is used to detect if ourself
is nated or not?

from Romeo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100108/afdbff1a/attachment.html 

More information about the Users mailing list