[Openswan Users] Shouldn't this be NATed?

James Nelson james.nelson.ii at gmail.com
Fri Sep 23 12:27:47 EDT 2011


I promise, once this gets up, there will be celebrations with rainbows and
puppies and kittens and cocktails.  Okay, so it'll probably be just
cocktails.

Same setup as my previous posts, with an Amazon EC2 to Client connection.
When I establish the conn, here is my response:

104 "ec2check" #6: STATE_MAIN_I1: initiate
106 "ec2check" #6: STATE_MAIN_I2: sent MI2, expecting MR2
108 "ec2check" #6: STATE_MAIN_I3: sent MI3, expecting MR3
004 "ec2check" #6: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
117 "ec2check" #7: STATE_QUICK_I1: initiate
003 "ec2check" #7: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=a4bbfe57
004 "ec2check" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0xbcd53ec2 <0x6981795a xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}

In the .conf, nat_traversal=yes & forceencaps=yes.  Using Amazon with
Openswan, shouldn't I be expecting NATD to say something other than none?
Don't my packets need to be NATed when using an Elastic IP with EC2?  I
believe that the client firewall is expecting NATed traffic to hit their
firewall, which might be why nothing is getting through.  Or if this is
correct, what should I be expecting?

-- James

PS Is there a donation page somewhere?