[Openswan Users] NAT-T and left=%defaultroute
Simon Chan
simon.chan3 at yahoo.ca
Thu Sep 22 16:55:23 EDT 2011
Hi Experts:
I am trying to learn Openswan, starting with a simple NAT'ed setup.
One end is behind a cable modem NAT router. The other end is not NAT'ed.
All the examples I can find tell me to use "left=%defaultroute", which works. If I replace %defaultroute with the real public IP or the cable modem's IP (192.168.x.1), then I get the error:
"We cannot identify ourselves with either end of this connection."
Is it possible to get rid of the %defaultroute? Is %defaultroute somehow tied to the default route entry in the routing table?
I need to sort this out before I move on to the more complicated setup:
a Linux box with two WAN links and one LAN link. One WAN link is NAT'ed. We have 20 tunnels right now and I need to move half of those to the NAT'ed link.
Also appreciate pointers on how to configure routing in this multihome situation.
My test environment is as follows.
OS and swan info
================
openswan-2.6.24-8.el6_0.1.x86_64
CentOS 6.0
kernel 2.6.32-71.29.1.el6.x86_64
ipsec.conf
=============
version 2.0

config setup
        plutodebug="control"
        protostack=netkey
        nat_traversal=yes
        interfaces=%defaultroute

conn office
        authby=secret
        left=%defaultroute
        leftid=192.168.168.5
        leftsourceip=192.168.168.5
        leftsubnet=192.168.168.0/24
        right=216.x.x.x
        rightsubnet=192.168.40.0/24
        auto=route

Best Regards,
SC