[Openswan Users] OpenSwan Issue

Willie Gillespie wgillespie+openswan at es2eng.com
Thu May 31 18:20:20 EDT 2012


What is your virtual_private setting?

On 05/31/2012 04:10 PM, Luis Nagaki wrote:
> Nope i tried to and wont work unless i have the port fwd on. The
> server is def on public ip
>
>
>
> On May 31, 2012, at 6:09 PM, Willie Gillespie
> <wgillespie+openswan at es2eng.com>  wrote:
>
>> As long as the client initiates the connection to your server, it should be fine and you won't need to forward any ports.  (This is of course assuming that your server is on a public IP.)
>>
>> The client can then get things started from behind a NAT and will use NAT-T.
>>
>> On 05/31/2012 03:36 PM, Luis Nagaki wrote:
>>> I got it working. i forgot to put rightsubnet= for the VPN server part.
>>>
>>> but still id like to know if theres a work around if the client doesnt
>>> allow me to NAT external to internal port 500
>>>
>>> On Thu, May 31, 2012 at 5:21 PM, Willie Gillespie
>>> <wgillespie+openswan at es2eng.com>   wrote:
>>>> See inline below.
>>>>
>>>>
>>>> On 05/31/2012 11:31 AM, Luis Nagaki wrote:
>>>>>
>>>>> VPN Client behind a Dlink soho Home
>>>>> Quote:
>>>>> conn poller2
>>>>> left=192.168.2.6
>>>>> leftid=@server2
>>>>> leftrsasigkey=0sAQOdr36..| (Removed to make it smaller)
>>>>> leftnexthop=%defaultroute
>>>>> right=PUBLIC IP OF VPN SERVER
>>>>> rightid=@server1
>>>>> rightrsasigkey=0sAQPUN/..| (Removed to make it smaller)
>>>>> rightnexthop=%defaultroute
>>>>> auto=add
>>>>
>>>>
>>>> This looks fine.  left is itself, right is the public IP of the server.
>>>>
>>>>
>>>>
>>>>> VPN Server directly connected to internet
>>>>>
>>>>> Quote:
>>>>> conn central
>>>>> left=PUBLIC IP of VPN Server
>>>>> leftid=@server1
>>>>> leftrsasigkey=0sAQPBY4LedS..| (Removed to make it smaller)
>>>>> leftnexthop=%defaultroute
>>>>> right=192.168.2.6
>>>>> rightid=@server2
>>>>> rightrsasigkey=0sAQOdr366h..| (Removed to make it smaller)
>>>>> rightnexthop=External IP Of SOHO Device? or should i leave %defaultroute
>>>>> auto=add
>>>>
>>>>
>>>> This is what is probably causing you trouble.
>>>> left is itself, which is fine.
>>>> right should be the external IP of the client (SOHO device), since that is
>>>> what the VPN server "sees" trying to connect to it.
>>>>
>>>> _______________________________________________
>>>> Users at lists.openswan.org
>>>> https://lists.openswan.org/mailman/listinfo/users
>>>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list