[Openswan Users] Am I actually using NAT?
james.nelson.ii at gmail.com
Thu Sep 22 12:17:33 EDT 2011
Me again. Paul, I appreciate your assistance greatly up to this point.
I've simplified my original configuration, but still can't see any traffic
after the "IPsec SA established tunnel mode" message appears. I try pinging or
hitting servers on the client side from my Amazon EC2 server and get
silence. The client side says they can't even see any traffic hitting their
firewall, much less passing through it.
1) Assume we have a fresh installation. From the Amazon end, upon the
creation of the server, besides disabling ICMP send and accept redirects and
enabling ip forwarding, is there anything else that has to be done on the
instance? (ifconfig, port opening, iptables, etc...) This is where my
knowledge is weakest, and therefore where I'm most concerned I'm missing
something obvious or stupid that any network engineer would know.
2) After establishing the SA tunnel, what is the best way to test whether or
not I can send traffic to the client, and how can I tell if it's being
NAT'ed/going through the correct ports (UDP 500/4500)? Right now, I've been
just trying to ping the client gateway or using elinks to see if I can reach
the client WSDL addresses for download.
# exclude networks used on server side by adding %v4:!a.b.c.0/24
# which IPsec stack to use. netkey,klips,mast,auto or none
left=<AMAZON LOCAL IP>
leftid=<AMAZON ELASTIC IP>
right=<CLIENT CHECKPOINT GATEWAY>
rightid=<CLIENT CHECKPOINT GATEWAY>
rightsubnet=<CLIENT INTERNAL NETWORK>
* * *
The route I'm trying for is
Amazon Local---------------Amazon Elastic===Internet===Client
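The three checks the questions above ask for (are the kernel knobs set on the EC2 instance, is IKE/ESP traffic actually leaving on UDP 500/4500 and is it NAT-T encapsulated, and does the kernel hold an outbound IPsec policy toward the client network), written up as an added example that is not part of the original post or of Openswan. It runs offline against constructed sample output so it can be tested without a tunnel; the interface name eth0, the addresses 10.0.0.5 (instance private IP), 203.0.113.7 (Check Point gateway) and 192.168.10.0/24 (client network), and every sample line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or from Openswan). Offline sanity
# checks for the EC2 side of a NetKey tunnel. Addresses, interface name and
# the sample outputs below are constructed assumptions.

# 1) Kernel knobs the post mentions: forwarding on, ICMP redirects off.
# Reads "sysctl -a" style lines on stdin; returns 0 when every knob matches.
# Live use:  sysctl -a 2>/dev/null | check_sysctls && echo "sysctls ok"
check_sysctls() {
    awk '
        $1 == "net.ipv4.ip_forward"                { fwd = $3 }
        $1 == "net.ipv4.conf.all.send_redirects"   { sr  = $3 }
        $1 == "net.ipv4.conf.all.accept_redirects" { ar  = $3 }
        END { exit !(fwd == 1 && sr == 0 && ar == 0) }
    '
}

# 2) Summarise a capture of the IKE/NAT-T ports, e.g. from
#      tcpdump -n -i eth0 'udp port 500 or udp port 4500 or proto 50'
# Prints "ike500=N natt4500=N esp4500=N esp=N": IKE on UDP 500, IKE carried
# inside NAT-T on 4500 (NONESP-encap), ESP wrapped in UDP 4500, raw ESP.
# If natt4500/esp4500 stay 0 while esp grows, NAT traversal is not in use.
summarize_capture() {
    awk '
        /\.500 > [0-9.]+\.500: isakmp/           { ike500++ }
        /\.4500 > [0-9.]+\.4500: NONESP-encap/   { natt4500++ }
        /\.4500 > [0-9.]+\.4500: UDP-encap: ESP/ { esp4500++ }
        / > [0-9.]+: ESP\(spi=/                 { esp++ }
        END { printf "ike500=%d natt4500=%d esp4500=%d esp=%d\n",
                     ike500, natt4500, esp4500, esp }
    '
}

# 3) Does the kernel hold an outbound policy toward the client subnet?
# Feed it "ip xfrm policy" output. Live use:
#   ip xfrm policy | has_out_policy 192.168.10.0/24 && echo "policy present"
has_out_policy() {
    awk -v want="$1" '
        $1 == "src" && $4 == want { hit = 1; next }
        hit && $1 == "dir"        { if ($2 == "out") found = 1; hit = 0 }
        END { exit !found }
    '
}

# Constructed samples (not real captures); they mimic the tools' formats.
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0'

SAMPLE_CAPTURE='12:00:00.000001 IP 10.0.0.5.500 > 203.0.113.7.500: isakmp: phase 1 I ident
12:00:00.000002 IP 203.0.113.7.500 > 10.0.0.5.500: isakmp: phase 1 R ident
12:00:00.000003 IP 10.0.0.5.4500 > 203.0.113.7.4500: NONESP-encap: isakmp: phase 2/others I oakley-quick
12:00:00.000004 IP 10.0.0.5.4500 > 203.0.113.7.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
12:00:00.000005 IP 10.0.0.5.4500 > 203.0.113.7.4500: UDP-encap: ESP(spi=0x0a1b2c3d,seq=0x2), length 132
12:00:00.000006 IP 10.0.0.5 > 203.0.113.7: ESP(spi=0x0a1b2c3e,seq=0x1), length 116'

SAMPLE_XFRM_POLICY='src 10.0.0.5/32 dst 192.168.10.0/24
    dir out priority 2344 ptype main
    tmpl src 10.0.0.5 dst 203.0.113.7
        proto esp reqid 16385 mode tunnel
src 192.168.10.0/24 dst 10.0.0.5/32
    dir in priority 2344 ptype main
    tmpl src 203.0.113.7 dst 10.0.0.5
        proto esp reqid 16385 mode tunnel'

# Demo run against the constructed samples.
printf '%s\n' "$SAMPLE_CAPTURE" | summarize_capture
if printf '%s\n' "$SAMPLE_SYSCTL" | check_sysctls; then
    echo "sysctls ok"
else
    echo "sysctls wrong"
fi
if printf '%s\n' "$SAMPLE_XFRM_POLICY" | has_out_policy 192.168.10.0/24; then
    echo "outbound policy toward client network present"
fi
```

Two caveats worth keeping in mind when running these live. First, an EC2 instance sits behind Amazon's 1:1 NAT: the kernel only ever sees the private address, the Elastic IP is applied to the outer header on the way out, which is exactly why left is the private IP and leftid the Elastic IP, and why the peer will see NAT-T (UDP 4500) rather than raw ESP; the EC2 security group therefore needs to admit UDP 500 and 4500 from the Check Point address. Second, a ping issued on the instance itself leaves with the private IP as its source, so it only enters the tunnel if that private address is inside the policy's src (the leftsubnet side) and, on the Check Point side, inside the encryption domain defined for this peer; the inner packet still carries 10.0.0.5, not the Elastic IP. Counters in ip -s xfrm state show whether ESP packets are actually being emitted for the SA.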