[Openswan Users] NAT & noNAT
Pete Ashdown
pashdown at xmission.com
Tue Sep 20 16:16:03 EDT 2011
On 09/20/2011 11:55 AM, Paul Wouters wrote:
> On Tue, 20 Sep 2011, Pete Ashdown wrote:
>
>> I'm using the l2tp-psk.conf from the examples directory and I can connect
>> NAT clients just fine if I have nat_traversal=yes. However, when I try
>> to connect a non-NAT public IP, I get messages about "no connection is
>> known". I have to change nat_traversal=no and comment out the "conn
>> L2TP-PSK-NAT" section, and public addresses can then connect. The
>> settings for "virtual_private" seem to make no difference either way.
>> How am I misunderstanding the example? Is it not possible for openswan
>> to detect a NAT or noNAT from a client and react accordingly?
>
> It shouldwork if you have rightsubnet=%no,%priv
>
Thank you Paul. I'm guessing this should have a vhost: after the =? It
didn't work without it.
> Note the "%no" means no NAT, and the "%priv" means "NAT on any of the
> listed IPs within virtual_private".
Why are they both in the LTP-PSX-NAT connection section? What triggers NAT
traversal? I presume that a more logical way to do this would be to have:
conn L2TP-PSK-NAT
rightsubnet=vhost:%priv
also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
rightsubnet=vhost:%no
[...]
But Openswan prevents me from defining rightsubnet twice in one config.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 254 bytes
Desc: OpenPGP digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20110920/1101480f/attachment.bin
More information about the Users
mailing list