RE: [Users] NAT Traversal

On Wed, 26 Feb 2003, Jeroen de Meijer wrote:

> To be sure I understand things correctly:
> This is what I want to do:
>
> Super FreeS/WAN client-------NAT Firewall------internet-------Super
> FreeS/WAN gateway-----localnet
>
> If I understand you correctly both the client and the gateway should
> have the patch (so they know how to tunnel the traffic in UDP).

Yes.

> This patch is included in SuperFreeS/WAN if I am correct.

Yes.

> Nothing needs to be done on the NAT firewall?

Yes.

> Do I need any special configuration on the FreeS/WAN gateways or client?
> Special stuff in the ipsec.conf or something?

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek

Yes:

On the gateway you need to add the following in the respective sections:

config setup

	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4
conn roadwarrior
	rightsubnet=vhost:%no,%priv
	

On client:

config setup

        nat_traversal=yes

Good luck :)

Paul
> The Linux VPN Masquerade HOWTO isn't very helpfull... It tells me to
> open all kind of ports on "the firewall" (ans I assume they mean the NAT
> firewall).
>
> Regards,
> Jeroen
>
>

-- 
God devised pigeons as a means of punishment for man. Probably after
the destruction of Sodom and Gomorrha he wanted to make sure that people
would never again feel comfortable enough in a city to repeat the sins
committed there, and he created the pigeons as a means to make the city
dwellers' lives more miserable, as a constant reminder of their past sins.

_______________________________________________
Users mailing list
Users@lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek