[Openswan Users] Problem with a client behind a double NAT

alet at librelogiciel.com
Sun Mar 28 23:57:23 EDT 2010

Hi there,

Our VPN gateway is not behind a NAT box, but usually our roadwarrior
clients are behind a DSL modem/router/NAT box, and all works fine.

One of our clients has a particular setup:

 PCs <-> NAT Box <-> NAT Box <-> ISP <-> Internet <-> Our VPN
           #1          #2

His DSL modem/router/NAT box (#2) is the property of his ISP, and only
his ISP can access it and manage it to change its configuration, a
boring process... This box also does IP phone and TV.

I know he has asked his ISP to have their own NAT box forward all
packets to his own box, behind which some PCs are servers, and so he can
modify the configuration easily, but can such a setup work at all?
Currently only the ISAKMP SA can be established. Is there something to
take care of or to ask his ISP wrt the configuration of #2?


Jerome Alet

