[Openswan Users] NAT & noNAT

Paul Wouters paul at xelerance.com
Wed Sep 21 13:52:15 EDT 2011

On Tue, 20 Sep 2011, Pete Ashdown wrote:

>> It should work if you have rightsubnet=%no,%priv
> Thank you Paul.  I'm guessing this should have a vhost: after the =?  It
> didn't work without it.

Yes. Sorry.

>> Note the "%no" means no NAT, and the "%priv" means "NAT on any of the
>> listed IPs within virtual_private".
> Why are they both in the LTP-PSX-NAT connection section?  What triggers NAT
> traversal?  I presume that a more logical way to do this would be to have:
> conn L2TP-PSK-NAT
>    rightsubnet=vhost:%priv
>    also=L2TP-PSK-noNAT
> conn L2TP-PSK-noNAT
>    rightsubnet=vhost:%no
>    [...]
> But Openswan prevents me from defining rightsubnet twice in one config.

Yeah, in that example you leave out the rightsubnet in L2TP-PSK-noNAT

I do not use two conns, I use one conn.

