[Openswan Users] Patch 2.6.37 for use with NAT-T (stack klips)

Diogo V. kersting k at brlix.com
Fri Mar 25 11:39:49 EDT 2011

Finally I made it work.

A had a good look at the book Building and Integrating VPN with Openswan,
which cleared things for me.

My mistakes at the time were:
1) I was ping'ing  the external IP of the other gateway to test a
gateway-to-gateway connection. If you do that the packet will not be
2) I was not setting rightsourceip, so when I ping'ed the internal IP of the
other gateway I had no response.

After that I was having other problems.
On my server that is behind nat I had to do a port foward (DNAT) of the
gateway to the IPSec server machine.
The roadwarrior side of ipsec was not recognizing the ID of the server.
That's because the server send it's id as his internal IP address, and the
client was expeting the external one.
To fix that I had to set the rightid=<Internal IP of IPSec Server> on
roadwarrior's ipsec.conf.

Now everthing is working fine. Thank's for your help, and thank you to the
developers for the great work.

On Wed, Mar 23, 2011 at 6:08 PM, David McCullough <
david_mccullough at mcafee.com> wrote:

> Jivin Diogo V. kersting lays it down ...

> Perhaps you can describe your problem with NAT-T and 2.6.37 ?
> Cheers,
> Davidm
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110325/35b1e20a/attachment.html 

More information about the Users mailing list