[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: [strongSwan] Can't ping over Ipsec/nat-t behind a VoIP Gateway
From: gkeniti () gmail ! com (Glauco Keniti Inoue)
Date: 2004-10-28 16:20:03
Message-ID: 586e35a2041028071913de6c35 () mail ! gmail ! com
[Download RAW message or body]
Hi all,
First time here...
Here's my problem: I need to setup a simple VPN - ipsec conection
betwen two sites behind a Nated network.
Something like this:
host1 - LinuxVPN1 - Gateway1 - ( Internet ) - Gateway2 - LinuxVPN2 - host2
strongswan *
* strongswan
[192.168.1.x] [10.1.1.x] [200.x.x.x] [200.x.xxx]
[10.2.2.x] [192.168.2.x]
* Gateway1,2: Can be:
- Linux: Works fine 100%, ping ok;
- Broadband router: Works fine 100%, ping ok;
- VoIP Gateway: The VPN tunnel is correct, but I can't stablish any
conection betwen hosts...
In the VoIPGateway there is an option that says: "enable Ipsec
passthrough"
Obs.: in a small scenario using VoIP in just one side, works fine too!!
host1 - LinuxVPN1 - VoIPgw1 - ( Internet ) - LinuxVPN2 - host2
strongswan * strongswan
[192.168.1.x] [10.1.1.x] [200.x.x.x] [200.x.xxx] [192.168.2.x]
Question 1: Somebody knows any mistake here??
2: What's the deal with option "nat_traversal=yes" in
ipsec.conf?? Everything here worked without this option...
my ipsec.conf:
conn voip
#local side:
left=%defaultroute
leftsubnet=192.168.1.0/24
leftnexthop=
leftid=200.x.x.x
leftrsasigkey=0sAQNNBvl............
#remote side:
right=200.x.x.x
rightsubnet=192.168.2.0/24
rightnexthop=200.x.x.x
rightid=200.x.x.x
rightrsasigkey=0sAQPh9T...........
auto=add
Thanks!!!!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic