[Openswan Users] Problem with net-to-net tunnel with NAT on both endpoints
Rodrigo Borges Pereira
rodrigoborgespereira at gmail.com
Tue Dec 17 14:03:54 EST 2013
Maybe someone can give me a hint here... would appreciate it ;)
I have to work with two old IP-PBX appliances that can do routing and also
have an Openswan-based IPsec function. I say old because the Openswan version is
2.4.12 and cannot be upgraded. They are geographically apart, and
both are connected to the Internet NAT'ed behind a router. Each IP-PBX
appliance has two interfaces, external (WAN) and internal (LAN). The idea is
to have LAN1 talking with LAN2.
The scenario is kinda like this:
LAN1 <-> IPPBX1 <-> NATROUTER1 <- INTERNET -> NATROUTER2 <-> IPPBX2 <-> LAN2
Now, I can actually establish a tunnel between IPPBX1 and IPPBX2. Port
forwardings for 4500 and 500 are configured on both NATROUTERs, and both
IPPBXs have NAT-T enabled. So far so good.
Problem now is, LAN1 and LAN2 IPs don't talk with each other at all. Not
even between the LAN IPs on each IPPBX. However, when I do stuff like ping,
I can see packets flowing on the external interfaces of each IPPBX (with
tcpdump on 4500/UDP), but then they just seem to be blackholed somehow. The
firewall on these appliances logs every dropped packet, but no drop is
Any suggestion to troubleshoot / understand this? More below is a snip of
the config. I just removed the remote gw public IP address. The
configuration is symmetric on the other endpoint.
Thanks in advance. Rgds.
--- snip ---
-------------- next part --------------
An HTML attachment was scrubbed...
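Seeing traffic on UDP/4500 does not by itself prove that encrypted data is crossing the tunnel: NAT-T keepalives and IKE also travel on that port. The script below is an added troubleshooting example, not code from the original post or from Openswan. It takes the raw UDP payloads captured on the external interface and sorts them into keepalives, IKE and UDP-encapsulated ESP, then counts ESP packets per SPI and direction, which tells you whether the problem is on the wire or after decryption. The packet records and the addresses in it are constructed for the example (documentation-prefix placeholders, not the poster's hosts), and the payload formats follow RFC 3948: ESP-in-UDP begins with a non-zero 4-byte SPI, IKE over 4500 begins with a 4-byte zero non-ESP marker, and a NAT keepalive is the single byte 0xFF.

```python
"""Classify what actually flows on UDP/4500 between two NAT-T peers.

Added example, not from the original post. Input records are constructed
for illustration; in practice feed it the UDP payloads from a tcpdump/pcap
taken on the IPPBX WAN interface ('udp port 4500').
"""
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00\x00\x00\x00"   # RFC 3948 2.2: IKE over port 4500
KEEPALIVE = b"\xff"                    # RFC 3948 2.3: NAT keepalive


def classify(payload: bytes) -> str:
    """Return 'keepalive', 'ike', 'esp' or 'unknown' for one UDP/4500 payload."""
    if payload == KEEPALIVE:
        return "keepalive"
    if len(payload) < 4:
        return "unknown"
    if payload[:4] == NON_ESP_MARKER:
        return "ike"
    # ESP: SPI (4 bytes, never zero) + sequence number (4 bytes) + body.
    if len(payload) >= 8:
        return "esp"
    return "unknown"


def esp_spi_and_seq(payload: bytes):
    """SPI and sequence number of a UDP-encapsulated ESP packet (network order)."""
    return struct.unpack("!II", payload[:8])


def summarize(packets):
    """packets: iterable of (src_ip, dst_ip, udp_payload).

    Returns (kind_counts, esp_flows); esp_flows maps (src, dst, spi) to the
    number of ESP packets seen for that direction and SA.
    """
    kinds = Counter()
    esp_flows = Counter()
    for src, dst, payload in packets:
        kind = classify(payload)
        kinds[kind] += 1
        if kind == "esp":
            spi, _seq = esp_spi_and_seq(payload)
            esp_flows[(src, dst, spi)] += 1
    return kinds, esp_flows


def diagnose(packets, local_ip: str) -> str:
    """One-line verdict on where to look next, based only on wire evidence."""
    kinds, esp_flows = summarize(packets)
    outbound = sum(n for (s, _d, _spi), n in esp_flows.items() if s == local_ip)
    inbound = sum(n for (_s, d, _spi), n in esp_flows.items() if d == local_ip)
    if kinds["esp"] == 0:
        return "no ESP at all: only IKE/keepalives, no SA is carrying data"
    if outbound and not inbound:
        return "ESP leaves but none returns: check the remote side's policy, firewall and return route"
    if inbound and not outbound:
        return "ESP arrives but none is sent: check local policy and routing for the LAN subnets"
    return "ESP flows both ways: look after decryption (policy, inner route, firewall on the LAN interface)"


def esp(spi: int, seq: int, body_len: int = 32) -> bytes:
    """Build a constructed ESP-in-UDP payload (opaque body, for the example only)."""
    return struct.pack("!II", spi, seq) + bytes(body_len)


# Constructed capture: local WAN address behind NAT, remote public address.
LOCAL = "192.168.1.2"
REMOTE = "198.51.100.20"
SAMPLE = [
    (LOCAL, REMOTE, NON_ESP_MARKER + bytes(28)),   # IKE (e.g. DPD/informational)
    (REMOTE, LOCAL, NON_ESP_MARKER + bytes(28)),
    (LOCAL, REMOTE, KEEPALIVE),
    (LOCAL, REMOTE, esp(0x1A2B3C4D, 1)),           # our pings, encrypted
    (LOCAL, REMOTE, esp(0x1A2B3C4D, 2)),
    (LOCAL, REMOTE, esp(0x1A2B3C4D, 3)),
    (REMOTE, LOCAL, KEEPALIVE),                    # but nothing encrypted comes back
]

if __name__ == "__main__":
    kinds, flows = summarize(SAMPLE)
    print(dict(kinds))
    for (src, dst, spi), n in sorted(flows.items()):
        print(f"{src} -> {dst} SPI 0x{spi:08x}: {n} ESP packets")
    print(diagnose(SAMPLE, LOCAL))
```

If the verdict is "ESP flows both ways", the packets are reaching the kernel and the loss is local: compare the SPIs counted here with the SAs and policies the kernel holds (`ip xfrm state` and `ip xfrm policy` with the NETKEY stack, `ipsec eroute` with KLIPS) and confirm the LAN subnets in the policy match the addresses being pinged, then check the firewall rules on the internal interface rather than the external one.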