[prev in list] [next in list] [prev in thread] [next in thread] 

List:       strongswan-users
Subject:    [strongSwan] Can't ping over Ipsec/nat-t behind a VoIP Gateway
From:       gkeniti () gmail ! com (Glauco Keniti Inoue)
Date:       2004-10-28 16:20:03
Message-ID: 586e35a2041028071913de6c35 () mail ! gmail ! com
[Download RAW message or body]

Hi all,

First time here...

Here's my problem: I need to setup a simple VPN - ipsec conection
betwen two sites behind a Nated network.

Something like this: 
   host1 -   LinuxVPN1 -  Gateway1 - ( Internet ) - Gateway2 - LinuxVPN2 - host2
                strongswan           *                                
 *         strongswan
     [192.168.1.x]   [10.1.1.x]    [200.x.x.x] [200.x.xxx]  
[10.2.2.x]   [192.168.2.x]


* Gateway1,2: Can be: 
 - Linux: Works fine 100%, ping ok;
 - Broadband router: Works fine 100%, ping ok;
 - VoIP Gateway: The VPN tunnel is correct, but I can't stablish any
conection betwen hosts...
       In the VoIPGateway there is an option that says: "enable Ipsec
passthrough"


Obs.: in a small scenario using VoIP in just one side, works fine too!!

   host1 -   LinuxVPN1 -  VoIPgw1 - ( Internet ) -  LinuxVPN2 - host2
                strongswan           *                           strongswan
       [192.168.1.x]   [10.1.1.x]    [200.x.x.x] [200.x.xxx]  [192.168.2.x] 

Question 1: Somebody knows any mistake here??
              2: What's the deal with option "nat_traversal=yes" in
ipsec.conf?? Everything here worked without this option...

my ipsec.conf:

conn voip
        #local side:
        left=%defaultroute
        leftsubnet=192.168.1.0/24
        leftnexthop=
        leftid=200.x.x.x
        leftrsasigkey=0sAQNNBvl............
        #remote side:
        right=200.x.x.x
        rightsubnet=192.168.2.0/24
        rightnexthop=200.x.x.x
        rightid=200.x.x.x
        rightrsasigkey=0sAQPh9T...........
        auto=add


Thanks!!!!

[prev in list] [next in list] [prev in thread] [next in thread]