[Openswan Users] Shouldn't this be NATed?

Paul Wouters paul at xelerance.com
Sat Sep 24 00:27:20 EDT 2011


On Fri, 23 Sep 2011, James Nelson II wrote:

> Those answers are unfortunately yes, yes, and yes.

Ahh, but:

>>> 004 "ec2check" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0xbcd53ec2 <0x6981795a
>>> xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}

Note it does say "ESP/NAT". check if UDP 4500 is open? Note that this means
you might need to allow 4500 -> random high port and randomin high
port -> 4500

Paul


More information about the Users mailing list