[Openswan Users] change to NAT rules so public IP address of openswan boxes accessible from remote LAN?
M B
sf1882 at gmail.com
Mon Jan 10 23:27:45 EST 2011
In looking over my ipsec.conf I forgot that I already had changed it, as I
have multiple subs on the right side. So, it actually looks like this:

conn first-subnet
    rightsubnet=192.168.10.0/24
    also=LANWC-TO-LANEC

conn second-subnet
    rightsubnet=192.168.200.0/24
    also=LANWC-TO-LANEC

conn LANWC-TO-LANEC
    authby=secret
    left=69.105.2.X
    leftsubnet=192.168.0.0/24
    leftnexthop=%defaultroute
    right=173.12.38.X
    rightnexthop=%defaultroute
    auto=start

This being the case, wouldn't my last connection entry cover the left LAN to
public IP of right hand side? And yes, the 69.X.X.X is the pub IP of the
lefthand openswan box and the 173.X.X.X is the pub of the right hand
openswan box.

thx-

On Mon, Jan 10, 2011 at 8:10 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Mon, 10 Jan 2011, M B wrote:
>
>> ok.. so, if the public IP address is not part of the tunnel why are the
>> openswan boxes sending packets to the pub IPs across the tunnel?
>
> It is part of the tunnel, but not in a regular way.
>
>> here's my connection for the subnet-subnet tunnel:
>>
>> conn LANWC-TO-LANEC
>>     authby=secret
>>     left=69.105.X.X
>>     leftsubnet=192.168.0.0/24
>>     leftnexthop=%defaultroute
>>     right=173.12.X.X
>>     rightsubnet=192.168.10.0/24
>>     rightnexthop=%defaultroute
>>     auto=start
>
> if your openswan box does not have either 69.105.X.X or 173.12.X.X
> configured on the box itself, this will not work. You need to define
> your end by its local ip.
>
>> what would i need to add to setup the subnet-public IP connection?
>> something like:
>>
>> conn LANWC-TO-ECPUB
>>     authby=secret
>>     left=69.105.X.X
>>     leftsubnet=192.168.0.0/24
>>     leftnexthop=%defaultroute
>>     right=172.12.X.X
>>     rightsubnet=172.12.X.X/29
>
> If you need the /29 then yes. If you just need the one IP, and it is the
> same as right itself, you can just leave out rightsubnet=
>
> Paul
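
Added example, not part of the original thread or of Openswan: a small Python check that expands the also= references in a layout like the one above and lists which left/right networks each conn protects. The function names (parse_conns, resolve, selectors) and the sample addresses are constructed for illustration, and the code assumes that also= pulls in the named section's settings underneath the conn's own and that an omitted leftsubnet/rightsubnet means the endpoint address itself.

```python
import ipaddress

# Constructed sample in the message's layout; addresses are documentation-range placeholders.
SAMPLE_CONF = """\
conn first-subnet
    rightsubnet=192.168.10.0/24
    also=LANWC-TO-LANEC
conn second-subnet
    rightsubnet=192.168.200.0/24
    also=LANWC-TO-LANEC
conn LANWC-TO-LANEC
    left=198.51.100.10
    leftsubnet=192.168.0.0/24
    right=203.0.113.20
    auto=start
"""

def parse_conns(text):
    """Return {conn name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.startswith("conn "):
            current = conns.setdefault(line.split()[1], {})
        elif line and not line[0].isspace():
            current = None  # some other section, e.g. config setup
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def resolve(conns, name, seen=()):
    """Merge the section named by also= underneath this conn's own settings."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    own = dict(conns[name])
    parent = own.pop("also", None)
    merged = resolve(conns, parent, seen + (name,)) if parent else {}
    merged.update(own)
    return merged

def selectors(conns):
    """Map each conn to the (left, right) networks its tunnel protects."""
    def net(c, side):
        # Assumption: an omitted subnet means the endpoint address itself (/32).
        return ipaddress.ip_network(c.get(side + "subnet", c[side] + "/32"))
    merged = {n: resolve(conns, n) for n in conns}
    return {n: (net(c, "left"), net(c, "right")) for n, c in merged.items()}
```

Calling selectors(parse_conns(SAMPLE_CONF)) shows the two subnet conns inheriting left, leftsubnet and right from the shared section, while the shared section on its own pairs the left LAN with the right endpoint's single address.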