[Openswan Users] Double NAT disconnects after 40+ hours
Kit Peters
cpeters at ucmo.edu
Mon Aug 27 13:02:04 EDT 2012
I have a double NAT setup, and I'm trying to bridge two sides - a local and
a remote - of the same subnet via Openswan and Proxy ARP. Yes, it's goofy.
:)
Here's a rough diagram of the setup:
[ local network ] -> [ local openswan ] -> campus network NAT -> Internet
Internet -> [ remote openswan / firewall ] -> remote network NAT -> [ remote network ]
I can get everything to work, and with Proxy ARP, I can establish
communication between the local and remote networks. However, I lose my
connection after some time - most recently it lasted 45 hours.
What I'm looking for is for this connection to be up 24/7. I can probably write a
Perl script to bring up the connection if it goes down, but I'd rather keep
the connection up.
local ipsec.conf:

config setup
    protostack=netkey

conn L2TP-PSK-CLIENT
    authby=secret
    pfs=no
    rekey=yes
    keyingtries=3
    type=transport
    left=%defaultroute
    leftprotoport=17/1701
    right=X.X.19.22
    rightprotoport=17/1701
    auto=add

remote ipsec.conf:

config setup
    oe=off
    protostack=netkey
    nat_traversal=yes

conn L2TP-PSK-NAT
    rightsubnet=vhost:%no
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=X.X.19.22
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

--
Kit Peters (W0KEH), Engineer II
KMOS TV Channel 6 / KTBG 90.9 FM
University of Central Missouri
http://kmos.org/ | http://ktbg.fm/
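
Added example, not part of the original post: a short Python sketch that flattens each conn in the two configs above (following `also=`) and lists the keying parameters on which the two ends differ. The embedded configs are trimmed to their keying-related lines, the function names are made up for this example, and letting a conn's own key override one pulled in via `also=` is an assumption (no such conflict occurs here).

```python
KEYS = ("rekey", "keyingtries", "ikelifetime", "keylife")

# Trimmed copies of the two configs in the post (keying-related lines only).
LOCAL = """
conn L2TP-PSK-CLIENT
    rekey=yes
    keyingtries=3
"""
REMOTE = """
conn L2TP-PSK-NAT
    rightsubnet=vhost:%no
    also=L2TP-PSK-noNAT
conn L2TP-PSK-noNAT
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
"""

def parse(text):
    """Return {conn_name: [(key, value), ...]} from ipsec.conf text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments (simplified)
        if not line.strip():
            continue
        if not line[0].isspace():                 # header: "conn NAME" or "config setup"
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), []) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current.append((key.strip(), value.strip()))
    return conns

def effective(conns, name, seen=()):
    """Flatten one conn, following also=; assumption: the conn's own keys win."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    inherited, own = {}, {}
    for key, value in conns[name]:
        if key == "also":
            inherited.update(effective(conns, value, seen + (name,)))
        else:
            own[key] = value
    return {**inherited, **own}

def differences(local, remote):
    """Keying parameters whose values differ; None means not set in the file."""
    return {k: (local.get(k), remote.get(k)) for k in KEYS if local.get(k) != remote.get(k)}

if __name__ == "__main__":
    print(differences(effective(parse(LOCAL), "L2TP-PSK-CLIENT"),
                      effective(parse(REMOTE), "L2TP-PSK-NAT")))
```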