[Openswan Users] Public subnet extrusion

Niccolò Belli darkbasic at linuxsystems.it
Thu Feb 23 19:17:39 EST 2012


Hi,

Host A is a server with a 5.5.5.0/24 public subnet, host B is a 
roadwarrior (dynamic ip, nat).

I want to give a public ip to the roadwarrior (let's say 5.5.5.100).
The roadwarrior's internal ip is in the 192.168.20.0/24 range (let's say 
192.168.20.150).

Server (A) ipsec.conf:

nat_traversal=yes

conn server-roadwarrior
	authby=rsasig
	left=5.5.5.1
	leftsubnet=0.0.0.0/0
	leftrsasigkey=...
	right=%any
	rightsubnet=5.5.5.100/32
	rightid=@laptop
	rightrsasigkey=...
	type=tunnel
	auto=add

Roadwarrior (B) ipsec.conf:

nat_traversal=yes

conn roadwarrior-server
	authby=rsasig
	left=%defaultroute
	leftsubnet=5.5.5.100/32
	#leftsourceip=5.5.5.100
	leftid=@laptop
	leftrsasigkey=...
	right=5.5.5.1
	rightsubnet=0.0.0.0/0
	rightrsasigkey=...
	type=tunnel
	auto=start


I can ping 5.5.5.100 from server A but the roadwarrior can't reach 
server A. I can surf the web but it doesn't tunnel the traffic at all 
(IP isn't 5.5.5.100). I tried adding leftsourceip=5.5.5.100 in the 
roadwarrior but I can't even reach server A to establish the VPN
connection that way!

Niccolò