[Openswan Users] host to host ipsec vpn tunnel through NAT

Neal Murphy neal.p.murphy at alum.wpi.edu
Wed Oct 9 19:40:49 UTC 2013

On Wednesday, October 09, 2013 02:29:06 PM Michael Chan wrote:
> Hi,
>     I'm trying to setup a vpn connection from my client to server through a
> NAT router, but I'm not getting the connection up. My topology looks like
> this:

Generally speaking, both sides need to speak NAT_TRAVERSAL and your firewall 
must allow UDP port 4500--and maybe port 500--out.

During testing, I have forwarded ports 500 and 4500 to an internal host; this
allowed an external host to initiate a VPN with my internal (NATted) host. But 
typically (without such port forwards), the NATted host must initiate the VPN 
because the remote cannot.

Post your ipsec.conf if still you have no joy.


More information about the Users mailing list