[strongSwan] NAT-T and StrongSwan conf
Alex Lucas
alexander.lucas at tlscontact.com
Tue Nov 15 07:54:43 CET 2011
Hi Tobias,

OpenSwan ipsec.conf:

config setup
    nat_traversal=yes
    protostack=netkey

conn psk-nat
    rightsubnet=vhost:%priv
    also=psk-nonat

conn psk-nonat
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    dpddelay=5
    dpdtimeout=10
    dpdaction=clear
    ikelifetime=8h
    keylife=1h
    type=transport
    left=10.0.0.5 # vpn server ip
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any

conn passthrough-for-non-l2tp
    type=passthrough
    left=10.0.0.5 # vpn server ip
    leftnexthop=10.0.0.1 # router in front of vpn server
    right=0.0.0.0
    rightsubnet=0.0.0.0/0
    auto=route

On 15/11/11 14:44, Tobias Brunner wrote:
> Hi Alex,
>
>> Thank you for your help and suggestions guys, got it working with
>> OpenSwan.
> Interesting. Would you care to share the config that enabled you to do
> this with OpenSwan? Because I'm pretty sure L2TP/IPsec with destination
> NAT (i.e. the responder behind a NAT) is currently not possible with
> strongSwan.
>
> Thanks,
> Tobias