[Openswan Users] Multiple Nat traversal Road Warriors with same addresses

Larry Brown larry.brown at dimensionnetworks.com
Wed Jul 14 11:25:01 EDT 2010


> I have a single Road Warrior successfully connecting to an Openswan
> gateway and communicating to the subnet behind the gateway securely.
> That roadwarrior is behind a firewall allowing all outbound port traffic
> and using NAT.  So my roadwarrior has an IP address of 192.168.1.12.

> When I get packets from the roadwarrior and when I send packets to that
> roadwarrior they are addressed from/to 192.168.1.12.  When another
> roadwarrior happens to be behind someone else's firewall and happens to
> get 192.168.1.12 I expect I will have a problem.  How can I overcome
> this problem with Openswan and IPSEC without using L2tp/ppp or can I?

> Larry

I'm getting the hang of this now...

On the roadwarrior side I have to set up a "virtual ip address" using:

leftsourceip=172.16.2.40

and make sure the virtual_private parameter on both gateway and roadwarrior has:

virtual_private=%v4:172.16.2.0/24

The other roadwarrior needs to have its own IP address, i.e.:

leftsourceip=172.16.2.41

I haven't actually run the test where both connect but this logically avoids the issue.  If I'm wrong please pounce as I don't want to steer anyone in the wrong direction.  But this seems simple at this point.

Larry
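
An added example, not part of the original post: a small audit of the addressing scheme described above, checking that every roadwarrior's leftsourceip is unique and falls inside the gateway's virtual_private range. The names rw1 to rw4 and the conn fragments are constructed sample data; only the leftsourceip and virtual_private values for the first two come from the post.

```python
import ipaddress
import re

# Constructed sample data: the gateway's virtual_private value from the post and
# four hypothetical roadwarrior conn fragments (rw3 and rw4 are deliberately wrong).
VIRTUAL_PRIVATE = "%v4:172.16.2.0/24"
ROADWARRIORS = {
    "rw1": "conn gateway\n    leftsourceip=172.16.2.40\n",
    "rw2": "conn gateway\n    leftsourceip=172.16.2.41\n",
    "rw3": "conn gateway\n    leftsourceip=172.16.2.40\n",
    "rw4": "conn gateway\n    #leftsourceip=172.16.2.42\n    leftsourceip=192.168.1.12\n",
}

def parse_virtual_private(value):
    """Split a virtual_private value into allowed and excluded (%v4:!net) IPv4 networks."""
    allowed, excluded = [], []
    for item in (i.strip() for i in value.split(",")):
        if not item.startswith("%v4:"):
            continue  # only IPv4 entries matter for this check
        spec = item[len("%v4:"):]
        target = excluded if spec.startswith("!") else allowed
        target.append(ipaddress.ip_network(spec.lstrip("!")))
    return allowed, excluded

def source_ip(conf_text):
    """Return the first uncommented leftsourceip in a conn fragment, or None."""
    m = re.search(r"^\s*leftsourceip\s*=\s*(\S+)", conf_text, re.MULTILINE)
    return ipaddress.ip_address(m.group(1)) if m else None

def audit(virtual_private, confs):
    """List roadwarriors whose virtual IP is missing, out of range, or duplicated."""
    allowed, excluded = parse_virtual_private(virtual_private)
    problems, owner = [], {}
    for name in sorted(confs):
        ip = source_ip(confs[name])
        if ip is None:
            problems.append(f"{name}: no leftsourceip set")
            continue
        if not any(ip in n for n in allowed) or any(ip in n for n in excluded):
            problems.append(f"{name}: {ip} is outside virtual_private")
        if ip in owner:
            problems.append(f"{name}: {ip} already assigned to {owner[ip]}")
        owner.setdefault(ip, name)
    return problems

if __name__ == "__main__":
    for line in audit(VIRTUAL_PRIVATE, ROADWARRIORS):
        print(line)
```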


