Thank you for your help and suggestions, guys, got it working with OpenSwan.
On 09/11/11 10:55, Alex Lucas wrote:
Dears,
No ideas? I've tried a lot of combinations of config, including
specifying very specific IPs for left, leftsubnet, right,
rightsubnet, rightid etc. The docs are not too
Hi Alex,
Thank you for your help and suggestions, guys, got it working with
OpenSwan.
Interesting. Would you care to share the config that enabled you to do
this with OpenSwan? Because I'm pretty sure L2TP/IPsec with destination
NAT (i.e. the responder behind a NAT) is currently not possible
Hi Tobias,
OpenSwan ipsec.conf:
config setup
    nat_traversal=yes
    protostack=netkey

conn psk-nat
    rightsubnet=vhost:%priv
    also=psk-nonat

conn psk-nonat
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    dpddelay=5
    dpdtimeout=10
Dears,
No ideas? I've tried a lot of combinations of config, including
specifying very specific IPs for left, leftsubnet, right,
rightsubnet, rightid etc. The docs are not too helpful for NAT or
especially double-NAT (which seems to be the case here) scenarios.
BR,
Alex
On 02/11/11 10:07,
Hi,
The NAT-T stuff is very complicated. My VPN server is behind a router
and I enabled port forwarding for ports 500/udp, 4500/udp.
Now when I connect via Internet, I get the following log:
Nov 2 09:58:09 vpntest.local pluto[3745]: L2TP[1] 10.100.30.1:15541
#1: responding to Main Mode from