[Openswan Users] NAT & noNAT

Paul Wouters paul at xelerance.com
Wed Sep 21 13:52:15 EDT 2011


On Tue, 20 Sep 2011, Pete Ashdown wrote:

>> It should work if you have rightsubnet=%no,%priv
>>
>
> Thank you Paul.  I'm guessing this should have a vhost: after the =?  It
> didn't work without it.

Yes. Sorry.

>> Note the "%no" means no NAT, and the "%priv" means "NAT on any of the
>> listed IPs within virtual_private".
>
>
> Why are they both in the L2TP-PSK-NAT connection section?  What triggers NAT
> traversal?  I presume that a more logical way to do this would be to have:
>
> conn L2TP-PSK-NAT
>    rightsubnet=vhost:%priv
>    also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>    rightsubnet=vhost:%no
>    [...]
>
> But Openswan prevents me from defining rightsubnet twice in one config.

Yeah, in that example you leave out the rightsubnet in L2TP-PSK-noNAT.

I do not use two conns, I use one conn.

Paul
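
The single-conn form discussed in this thread, written out as an added example that is not part of the original messages. The conn name, the left address (192.0.2.1, a documentation address), the virtual_private ranges and the surrounding L2TP/PSK options are assumptions chosen for illustration; only the rightsubnet line comes from the thread.

```conf
# /etc/ipsec.conf (constructed example)
version 2.0

config setup
    # Assumed: NAT traversal enabled so clients behind NAT can connect
    nat_traversal=yes
    # Assumed ranges: the private networks that %priv is allowed to match.
    # A client presenting an inner address outside this list does not
    # match %priv.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn L2TP-PSK
    # One conn serves both kinds of client, instead of a NAT/noNAT pair
    authby=secret
    pfs=no
    type=transport
    auto=add
    # Assumed server address (placeholder)
    left=192.0.2.1
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    # %no   = client is not behind NAT
    # %priv = client is behind NAT, on an address within virtual_private
    rightsubnet=vhost:%no,%priv
```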

