[Openswan Users] Multiple Nat traversal Road Warriors with same addresses
Larry Brown
larry.brown at dimensionnetworks.com
Wed Jul 14 11:25:01 EDT 2010
> I have a single Road Warrior successfully connecting to an Openswan
> gateway and communicating to the subnet behind the gateway securely.
> That roadwarrior is behind a firewall allowing all outbound port traffic
> and using NAT. So my roadwarrior has an IP address of 192.168.1.12.
> When I get packets from the roadwarrior and when I send packets to that
> roadwarrior they are addressed from/to 192.168.1.12. When another
> roadwarrior happens to be behind someone else's firewall and happens to
> get 192.168.1.12 I expect I will have a problem. How can I overcome
> this problem with Openswan and IPSEC without using L2tp/ppp or can I?
> Larry
I'm getting the hang of this now...
On the roadwarrior side I have to set up a "virtual ip address" using:
leftsourceip=172.16.2.40
and make sure the virtual_private parameter on both gateway and roadwarrior has:
virtual_private=%v4:172.16.2.0/24
The other roadwarrior needs to have its own IP address, i.e.:
leftsourceip=172.16.2.41
I haven't actually run the test where both connect but this logically avoids the issue. If I'm wrong please pounce as I don't want to steer anyone in the wrong direction. But this seems simple at this point.
Larry
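
A consistency check for the addressing scheme described in the message above, as an added example (not part of the original post and not Openswan code): it reads each roadwarrior's leftsourceip and virtual_private settings and reports any roadwarrior whose virtual address falls outside the virtual_private range or repeats another roadwarrior's address. The names rw1..rw4 and the snippets are constructed sample input.

```python
import ipaddress

# Constructed sample settings, one snippet per roadwarrior (names are hypothetical).
SAMPLE = {
    "rw1": "leftsourceip=172.16.2.40\nvirtual_private=%v4:172.16.2.0/24\n",
    "rw2": "leftsourceip=172.16.2.41\nvirtual_private=%v4:172.16.2.0/24\n",
    "rw3": "leftsourceip=172.16.2.40\nvirtual_private=%v4:172.16.2.0/24\n",
    "rw4": "leftsourceip=192.168.1.12\nvirtual_private=%v4:172.16.2.0/24\n",
}

def parse(text):
    """Return (source_ip, included_nets, excluded_nets) from key=value lines."""
    opts = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    ip = ipaddress.ip_address(opts["leftsourceip"])
    include, exclude = [], []
    for item in opts.get("virtual_private", "").split(","):
        item = item.strip()
        if not item.startswith("%v4:"):
            continue
        net = item[len("%v4:"):]
        if net.startswith("!"):  # "%v4:!net" marks an excluded range
            exclude.append(ipaddress.ip_network(net[1:]))
        else:
            include.append(ipaddress.ip_network(net))
    return ip, include, exclude

def check(configs):
    """List roadwarriors whose virtual IP is out of range or already taken."""
    findings, seen = [], {}
    for name in sorted(configs):
        ip, include, exclude = parse(configs[name])
        allowed = any(ip in n for n in include) and not any(ip in n for n in exclude)
        if not allowed:
            findings.append(f"{name}: {ip} outside virtual_private")
        if ip in seen:
            findings.append(f"{name}: {ip} duplicates {seen[ip]}")
        else:
            seen[ip] = name
    return findings

if __name__ == "__main__":
    for finding in check(SAMPLE):
        print(finding)
```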