[Openswan Users] ipsec tunnel doesn't up behined NAT
Patrick Naubert
patrickn at xelerance.com
Mon Dec 14 09:00:36 EST 2015
Rescued from the spam bucket, please remember to subscribe to the mailing list before posting to it.
From: "haha " <qiluc at qq.com>
Date: December 14, 2015 at 4:10:19 AM EST
To: "users" <users at lists.openswan.org>
Subject: ipsec tunnel doesn't up behined NAT
hi experts,
i setup a ipsec vpn tunnel, it was ok, but after i installed a NAT in between, the tunnel doesn't up again
please see the configruation
---------------------------------------------
<client side>
----------------------------------------------
ipsec.secrets file:
192.168.177.1 192.168.182.103 : PSK "abc"
ipsec.conf file:
version 2.0
config setup
plutodebug=all
plutostderrlog=/var/log/pluto.log
protostack=netkey
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/16
oe=off
conn to-103
authby=secret
auto=add
ike=3des-md5
keyexchange=ike
phase2=esp
phase2alg=3des-md5
compress=no
pfs=yes
type=tunnel
left=192.168.177.1
leftsubnet=192.168.10.0/24
right=192.168.182.103
rightsubnet=192.168.182.0/24
-------------------------------------------------
<server side>
-------------------------------------------------
ipsec.secrets file:
192.168.182.103 192.168.177.1 : PSK "abc"
ipsec.conf file:
version 2.0
config setup
plutodebug=all
plutostderrlog=/var/log/pluto.log
protostack=netkey
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/16
oe=off
conn to-103
authby=secret
auto=add
ike=3des-md5
keyexchange=ike
phase2=esp
phase2alg=3des-md5
compress=no
pfs=yes
type=tunnel
left=192.168.182.103
leftsubnet=192.168.182.0/24
leftnexthop=192.168.182.95
right=192.168.177.1
rightsubnet=192.168.10.0/24
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20151214/e632286f/attachment.html>
More information about the Users
mailing list