[Openswan Users] About openswan nat detection

Paul Wouters paul at xelerance.com
Fri Jan 8 09:07:42 EST 2010

On Fri, 8 Jan 2010, Zhiping Liu wrote:

> Hi list...
> I have two linux box(openswan 2.6.23,kernel,both behind firewall(this might be a problem?),i used these two to
> build  a network-to-network connection.
> it seems that the ipsec tuunel is up,route is set.but if i ping from one box to another,no icmp result !
> I set nat_traversal=yes in /etc/ipsec.conf,when i start up a connection use command:
> ipsec auto --up CONNECTION
> it says:
> NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negotiation.
> But the two linux box is really behind a firewall,i don't know why openswan say "Only 0 NAT-D",anyone knows what
> mechanism is used to detect if ourself is nated or not?

Your firewall is doing ipsec or you are not forwarding all the right ports, and perhaps
forgot port udp 4500?


More information about the Users mailing list