[Openswan Users] One-to-one NAT
Roman Serbski
mefystofel at gmail.com
Tue Feb 21 10:29:01 EST 2012
Hello list,
Appreciate your advice on the configuration of the VPN with
one-to-one NAT on the client side.
The client side is behind the firewall with one-to-one NAT configured.
The VPN server is powered by Ubuntu 8.04.2 with Openswan
U2.4.9/K2.6.24-23-server installed from packages. The server side is
not NAT'ed.
Here is an entry for the remote site in ipsec.conf (server side):
...
config setup
    nat_traversal=yes
conn L2TP-PSK-NAT-remote-site-01
    authby=secret
    auto=start
    keyingtries=3
    rekey=yes
    type=tunnel
    left=public.ip.of.remote.firewall
    leftsubnet=192.168.100.0/24
    leftsourceip=192.168.100.1
    right=public.ip.of.vpn.server
    rightsubnet=10.0.0.0/8
    rightsourceip=private.ip.vpn.server
ipsec.secrets (server side):
public.ip.of.vpn.server public.ip.of.remote.firewall : PSK "xxxxxxxxxxxxxxxxxxx"
Remote site is powered by Ubuntu 9.10 with Openswan U2.6.22/K2.6.31-22-generic.
...
config setup
    nat_traversal=yes
conn L2TP-PSK-NAT-remote-site-01
    authby=secret
    auto=start
    type=tunnel
    rekey=yes
    left=public.ip.of.remote.vpn # this is actually a private IP behind NAT
    leftsubnet=192.168.100.0/24
    leftsourceip=192.168.100.1
    right=public.ip.of.vpn.server
    rightsubnet=10.0.0.0/8
    rightsourceip=private.ip.of.vpn.server
I'm confused here with regard to the left part and ipsec.secrets.
If I leave left=public.ip.of.remote.vpn and 'public.ip.of.vpn.server
public.ip.of.remote.vpn : PSK "xxxxxxxxxxxxxxxxxxx"' in ipsec.secrets
I receive INVALID_ID_INFORMATION error.
If I put left=public.ip.of.remote.firewall I cannot even start ipsec:
We cannot identify ourselves with either end of this connection.
Many thanks in advance.
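As an added illustration (not part of the original post), the checker below models the rule that underlies both error messages: Openswan identifies each end by leftid/rightid, which default to the left/right addresses, and a PSK line in ipsec.secrets must be indexed by the identities the peers actually present. The sample ipsec.conf and ipsec.secrets, the addresses, and the leftid setting are constructed for the example.

```python
"""Show which identities an Openswan conn presents and whether ipsec.secrets
has a PSK line indexed by them. The two sample files below are constructed
for this illustration, not the poster's real configuration."""
import re

IPSEC_CONF = """\
conn L2TP-PSK-NAT-remote-site-01
    authby=secret
    left=10.20.30.40          # private address behind the one-to-one NAT
    leftid=203.0.113.5        # public address the peer sees (assumed setting)
    right=198.51.100.9
    rightsubnet=10.0.0.0/8
"""
IPSEC_SECRETS = """\
198.51.100.9 203.0.113.5 : PSK "constructed-example-psk"
"""

def parse_conn(text, name):
    """Return the key=value settings of one conn section (ipsec.conf syntax)."""
    settings, inside = {}, False
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()          # drop trailing comments
        if line.startswith('conn '):
            inside = line.split(None, 1)[1] == name  # enter/leave the section
            continue
        if inside and '=' in line:
            key, value = line.split('=', 1)
            settings[key.strip()] = value.strip()
    return settings

def effective_ids(conn):
    """leftid/rightid identify each end; absent, Openswan uses left/right."""
    return (conn.get('leftid', conn.get('left')),
            conn.get('rightid', conn.get('right')))

def parse_secrets(text):
    """Yield the set of indices on every '<idx> <idx> : PSK "..."' line."""
    for line in text.splitlines():
        match = re.match(r'^\s*([^:#]*?)\s*:\s*PSK\s+"', line)
        if match:
            yield set(match.group(1).split())

def psk_matches(conn, secrets_text):
    """True when some PSK line is indexed by both identities the conn presents."""
    ids = set(effective_ids(conn))
    return any(ids <= indices for indices in parse_secrets(secrets_text))

if __name__ == '__main__':
    conn = parse_conn(IPSEC_CONF, 'L2TP-PSK-NAT-remote-site-01')
    print(effective_ids(conn), psk_matches(conn, IPSEC_SECRETS))
```

Removing the leftid line makes the conn present its private address as its identity, and the same secrets file no longer matches.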