[Openswan Users] host to host ipsec vpn tunnel through NAT
Neal Murphy
neal.p.murphy at alum.wpi.edu
Wed Oct 9 19:40:49 UTC 2013
On Wednesday, October 09, 2013 02:29:06 PM Michael Chan wrote:
> Hi,
> I'm trying to setup a vpn connection from my client to server through a
> NAT router, but I'm not getting the connection up. My topology looks like
> this:
Generally speaking, both sides need to speak NAT_TRAVERSAL and your firewall
must allow UDP port 4500--and maybe port 500--out.
During testing, I have forwarded ports 500 and 4500 to an internal host; this
allowed an external host to initiate a VPN with my internal (NATted) host. But
typically (without such port forwards), the NATted host must initiate the VPN
because the remote cannot.
Post your ipsec.conf if still you have no joy.
N
More information about the Users
mailing list