[Swan] Libreswan NAT

Tuomo Soini tis at foobar.fi
Thu Oct 1 09:34:55 UTC 2015

On Tue, 29 Sep 2015 12:30:14 -0400 (EDT)
Paul Wouters <paul at nohats.ca> wrote:

> > I’m currently trying to set up a VPN through L2TP over IPsec. I have
> > a question regarding NAT compatibility (I haven’t found the answer
> > on your website or in your wiki). With the latest release of
> > Libreswan (3.15), is it necessary to create a connection especially
> > for NAT like the first one below?
> I'm not sure. It _should_ work with rightsubnet=vhost:%priv,%no but
> there were problems with that and people did often use two conns.

Two conns are still needed. That's because we exclude virtual_private
excluded subnets without checking whether the connection is behind NAT or not.

Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
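
The two-conn layout discussed in this thread, as an added example that is not part of the original messages or the project's own configuration: a constructed ipsec.conf fragment. The conn names, the 192.0.2.1 server address and the excluded 192.168.1.0/24 subnet are placeholder assumptions.

```conf
# Added example: constructed ipsec.conf fragment for L2TP over IPsec.
# Conn names, addresses and the excluded subnet are placeholders.

config setup
    # Private ranges a NATed client may present as its inner address.
    # The entry prefixed with "!" is an excluded subnet (assumed here to
    # be the server-side LAN).
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

# Conn for clients behind NAT: the peer's inner address is matched
# against virtual_private via vhost:%priv.
conn l2tp-psk-nat
    rightsubnet=vhost:%priv
    also=l2tp-psk-nonat

# Conn for clients that are not behind NAT: no vhost subnet, so the
# virtual_private exclusions are not consulted for these peers.
conn l2tp-psk-nonat
    authby=secret
    type=transport
    # Server's public address (documentation-range placeholder).
    left=192.0.2.1
    # L2TP runs over UDP port 1701.
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    auto=add
```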
