[Openswan Users] NAT & noNAT

Pete Ashdown pashdown at xmission.com
Tue Sep 20 16:16:03 EDT 2011


On 09/20/2011 11:55 AM, Paul Wouters wrote:
> On Tue, 20 Sep 2011, Pete Ashdown wrote:
>
>> I'm using the l2tp-psk.conf from the examples directory and I can connect
>> NAT clients just fine if I have nat_traversal=yes.  However, when I try
>> to connect a non-NAT public IP, I get messages about "no connection is
>> known".  I have to change nat_traversal=no and comment out the "conn
>> L2TP-PSK-NAT" section, and public addresses can then connect.   The
>> settings for "virtual_private" seem to make no difference either way. 
>> How am I misunderstanding the example?  Is it not possible for openswan
>> to detect a NAT or noNAT from a client and react accordingly?
>
> It should work if you have rightsubnet=%no,%priv
>

Thank you Paul.  I'm guessing this should have a vhost: after the =?  It
didn't work without it.

> Note the "%no" means no NAT, and the "%priv" means "NAT on any of the
> listed IPs within virtual_private".


Why are they both in the L2TP-PSK-NAT connection section?  What triggers NAT
traversal?  I presume that a more logical way to do this would be to have:

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    rightsubnet=vhost:%no
    [...]

But Openswan prevents me from defining rightsubnet twice in one config.
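For reference, the single-conn form Paul describes, written out as an added example (this is not the l2tp-psk.conf shipped with Openswan, and the interface, address and subnet values are placeholders you replace with your own):

```ini
# /etc/ipsec.conf (added example; placeholder addresses)
config setup
    protostack=netkey
    # NAT-T detection is needed so that clients behind NAT can be matched by %priv
    nat_traversal=yes
    # Address ranges a NATed client may present as its "real" address.
    # Exclude your own LAN so a client cannot claim an address you route locally.
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.1.0/24

# One connection handles both cases, so rightsubnet is defined only once:
#   %no   -> client is not behind NAT, rightsubnet is the client's own public IP
#   %priv -> client is behind NAT, rightsubnet may be any address within virtual_private
conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport
    # server side (placeholder public address)
    left=203.0.113.10
    leftprotoport=17/1701
    # any client, any source port (Windows clients do not use 1701 as the source port)
    right=%any
    rightprotoport=17/%any
    rightsubnet=vhost:%no,%priv
```

With this layout there is no need for a separate L2TP-PSK-noNAT section, so the "rightsubnet defined twice" error does not arise.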

