[Openswan Users] Old user having troubles with new techniques
Larry Brown
larry.brown at dimensionnetworks.com
Thu Jul 1 10:35:41 EDT 2010
On Wed, 2010-06-30 at 09:54 -0700, Bob Miller wrote:
>> good luck, persistence is key...
>>
>OK, so a test I ran just now was to move my road warrior to connect
>directly to the public network so it was not behind a NATed gateway.
>Pings were picked up and delivered and returned without issue.
>Go figure. So something in NAT traversal is screwed up?
By the way, just to rule out iptables I flushed all the additions made
in troubleshooting and the packets were still correctly routed. The only
change necessary outside of the ipsec.conf was setting the proc ip_forward
value to 1. Other than that, no marking etc. Now maybe the marking etc
is necessary to get nat traversal working, I don't know. And I have to get
nat traversal working as 90% of where the roadwarriors will be are going to
be behind NAT devices...
More information about the Users
mailing list