[Openswan Users] Shouldn't this be NATed?

James Nelson james.nelson.ii at gmail.com
Mon Sep 26 18:30:06 EDT 2011


Thanks again for your continued conversation in troubleshooting this.
 Unfortunately we have all of those bases covered.  If the tunnel is
actually created between Amazon and the client, should I see a new interface
within ifconfig? If there's nothing new created, does that narrow down where
the problem could lie?  Or does it just go through eth0 with everything


On Mon, Sep 26, 2011 at 12:27 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Sun, 25 Sep 2011, James Nelson wrote:
>  My netstat isn't showing anything from 500 or 4500- should it?
> On UDP yes, not on TCP.
>  ACCEPT     udp  --  anywhere             anywhere            udp spt:4500
>> dpt:4500
> This does not cover the fact that the client might be behind NAT, so the
> port moves from 4500 to whatever the NAT router picks. You need to allow
> 4500 <-> randomg high ports
> Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110926/597a6f13/attachment-0001.html 

More information about the Users mailing list