[Swan] Libreswan NAT
Paul Wouters
paul at nohats.ca
Tue Sep 29 16:30:14 UTC 2015
On Tue, 29 Sep 2015, Nicolas THIBAUT wrote:
Added a CC: of the mailing list.
> I’m currently trying to set up a VPN through L2TP over IPsec, I have a question regarding NAT compatibility (I haven’t
> found the answer either on your website or in your wiki).
> With the latest release of Libreswan (3.15), is it necessary to create a connection especially for NAT like the first one
> below?
I'm not sure. It _should_ work with rightsubnet=vhost:%priv,%no but
there were problems with that and people did often use two conns.
> conn L2TP-PSK-NAT
>     leftsubnet=vhost:%no
>     rightsubnet=vhost:%priv
>     also=L2TP-PSK
You should not use vhost: in the leftsubnet part like you did below.
If you do not need to support Windows XP, you should consider dropping
L2TP/IPsec and moving to "Cisco mode" (AKA XAUTH):
https://libreswan.org/wiki/VPN_server_for_remote_clients_using_IKEv1_XAUTH
Paul
> conn L2TP-PSK
>     type=transport
>     authby=secret
>     auto=add
>     #
>     pfs=no
>     rekey=no
>     #
>     dpddelay=30
>     dpdtimeout=300
>     dpdaction=clear
>     #
>     left=%defaultroute
>     leftprotoport=udp/l2tp
>     #
>     right=%any
>     rightprotoport=udp/%any
>
> Thanks a lot for your time, I hope you can help me!
>
> Regards
> __
>
> Nicolas THIBAUT
> contact at dev2lead.com
> http://dev2lead.com
>
>
>
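
As an added example (not part of the original message and not Libreswan code), the following Python check parses ipsec.conf-style text, resolves `also=` includes, and reports any conn whose `leftsubnet` carries `vhost:`, the setting the reply says not to use. It assumes `left` is the local (server) end, as in the quoted configuration, and that a conn's own keys override included ones; the function names are illustrative.

```python
# Added example, not Libreswan code. Assumes "left" is the local (server) end,
# as in the thread's config, and that a conn's own keys override also= includes.
def parse_conns(text):
    """Parse ipsec.conf-style text into {conn_name: {key: [values]}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # section header at column 0
            parts = line.split()
            is_conn = len(parts) == 2 and parts[0] == "conn"
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            current.setdefault(key, []).append(value)   # also= may repeat
    return conns

def effective(conns, name, seen=()):
    """Settings of one conn after resolving also= includes (cycle-safe)."""
    if name in seen or name not in conns:
        return {}
    merged = {}
    for parent in conns[name].get("also", []):
        merged.update(effective(conns, parent, seen + (name,)))
    merged.update({k: v[-1] for k, v in conns[name].items() if k != "also"})
    return merged

def lint(text):
    """Names of conns whose effective leftsubnet uses vhost:."""
    conns = parse_conns(text)
    return sorted(n for n in conns
                  if effective(conns, n).get("leftsubnet", "").startswith("vhost:"))

# Constructed sample: the thread's two conns, re-indented and shortened.
SAMPLE = """\
conn L2TP-PSK-NAT
    leftsubnet=vhost:%no
    rightsubnet=vhost:%priv
    also=L2TP-PSK
conn L2TP-PSK
    type=transport
    left=%defaultroute
"""
# Same conn with vhost: only on the right side, the form the reply says should work.
FIXED = SAMPLE.replace("    leftsubnet=vhost:%no\n", "").replace("%priv", "%priv,%no")

if __name__ == "__main__":
    print(lint(SAMPLE), lint(FIXED))   # ['L2TP-PSK-NAT'] []
```

Because `also=` is resolved before the check, a conn that only inherits the `leftsubnet=vhost:` line from another section is reported as well.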