[Openswan Users] Shouldn't this be NATed?
James Nelson
james.nelson.ii at gmail.com
Mon Sep 26 18:30:06 EDT 2011
Paul,
Thanks again for your continued conversation in troubleshooting this.
Unfortunately we have all of those bases covered. If the tunnel is
actually created between Amazon and the client, should I see a new interface
within ifconfig? If there's nothing new created, does that narrow down where
the problem could lie? Or does it just go through eth0 with everything
else?
Cheers,
-James
On Mon, Sep 26, 2011 at 12:27 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Sun, 25 Sep 2011, James Nelson wrote:
>
>> My netstat isn't showing anything from 500 or 4500- should it?
>
> On UDP yes, not on TCP.
>
>> ACCEPT udp -- anywhere anywhere udp spt:4500 dpt:4500
>
> This does not cover the fact that the client might be behind NAT, so the
> port moves from 4500 to whatever the NAT router picks. You need to allow
> 4500 <-> random high ports
>
> Paul
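Added example, not part of the original thread: a small check for the firewall issue raised in the quoted reply, where a rule matching spt:4500 dpt:4500 rejects a client whose NAT router rewrote the source port. The ruleset text (iptables-save syntax), the port 31522 and all function names are constructed for illustration.

```python
import shlex

NATT_PORT = "4500"  # UDP port for IPsec NAT traversal, as discussed in the thread

# Constructed ruleset in iptables-save syntax (not taken from the thread).
SAMPLE_RULES = """\
-A INPUT -p udp -m udp --sport 4500 --dport 4500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""
# Same ruleset with the source-port match dropped from the NAT-T rule.
FIXED_RULES = SAMPLE_RULES.replace("--sport 4500 ", "")

FIELDS = {"-A": "chain", "-p": "proto", "--sport": "sport",
          "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Extract chain, protocol, ports and target from one '-A ...' line."""
    tokens = shlex.split(line)
    rule = dict.fromkeys(FIELDS.values())
    for flag, value in zip(tokens, tokens[1:]):
        if flag in FIELDS:
            rule[FIELDS[flag]] = value
    return rule

def input_accept_rules(ruleset):
    """Yield (line, parsed) for UDP ACCEPT rules on the INPUT chain."""
    for line in ruleset.splitlines():
        if line.startswith("-A "):
            rule = parse_rule(line)
            if (rule["chain"], rule["proto"], rule["target"]) == ("INPUT", "udp", "ACCEPT"):
                yield line, rule

def pinned_natt_rules(ruleset):
    """Rules that accept NAT-T traffic only when the source port is fixed."""
    return [line for line, r in input_accept_rules(ruleset)
            if r["dport"] == NATT_PORT and r["sport"] is not None]

def accepted(ruleset, sport, dport):
    """True if some rule matches a UDP packet with these ports (simplified:
    only single-port --sport/--dport matches are modelled)."""
    return any(r["sport"] in (None, str(sport)) and r["dport"] in (None, str(dport))
               for _, r in input_accept_rules(ruleset))

if __name__ == "__main__":
    print(pinned_natt_rules(SAMPLE_RULES))
    # 31522 stands in for whatever source port the client's NAT router picked.
    print(accepted(SAMPLE_RULES, 31522, 4500), accepted(FIXED_RULES, 31522, 4500))
```

To check a live host, pass the text output of iptables-save to pinned_natt_rules instead of the constructed sample.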