Site to site IPsec VPN behind NAT with Openswan on Ubuntu 14.04

Site A

VPN server has a public IP (not behind NAT)

conn SiteX-to-SiteX
    authby=secret
    pfs=no
    auto=start
    keyingtries=%forever
    ikelifetime=8h
    keylife=1h
    # IKE (phase 1) and ESP (phase 2) proposals; 3DES, MD5 and modp1024 are legacy algorithms
    ike=3des-md5;modp1024
    phase2alg=3des-md5
    type=tunnel

    left=[PUBLIC IP A]
    leftsubnet=192.168.1.0/24
    # Required for routing later with a static route entry
    leftsourceip=192.168.1.242

    # Main mode, not aggressive mode
    aggrmode=no

    right=[PUBLIC IP B]
    rightsubnet=192.168.32.0/24

    # Dead peer detection: restart the tunnel if the peer stops answering
    dpddelay=10
    dpdtimeout=3600
    dpdaction=restart

Site B

VPN server behind NAT
On the NAT router, ensure that UDP ports 500 (IKE) and 4500 (NAT-T) are forwarded from the public IP to the VPN server's local IP.

conn SiteX-to-SiteX
    authby=secret
    pfs=no
    auto=start
    keyingtries=%forever
    ikelifetime=8h
    keylife=1h
    # IKE (phase 1) and ESP (phase 2) proposals; 3DES, MD5 and modp1024 are legacy algorithms
    ike=3des-md5;modp1024
    phase2alg=3des-md5
    type=tunnel

    # The server is behind NAT, so it does not have the public IP itself
    left=[LOCAL IP]
    # Public IP of the NAT router, i.e. the address Site A has as right=
    leftid=[PUBLIC IP B]
    # Local subnet
    leftsubnet=192.168.32.0/24
    # Required for routing later with a static route entry
    leftsourceip=192.168.32.254

    # Main mode, not aggressive mode
    aggrmode=no

    # The remote end is Site A: its public IP and its subnet
    right=[PUBLIC IP A]
    rightsubnet=192.168.1.0/24

    # Dead peer detection: restart the tunnel if the peer stops answering
    dpddelay=10
    dpdtimeout=3600
    dpdaction=restart
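The two conn blocks must be exact mirrors of each other (left/leftid of one end is right of the other, leftsubnet of one is rightsubnet of the other), and a pasted block that is not adjusted for the second site is the usual reason a tunnel never comes up. The following is an added example, not code from the post or from Openswan: it parses two conn blocks (constructed documentation addresses stand in for the placeholders above) and reports every mismatch, including the copy-paste slip where Site B still carries Site A's right= lines.

```python
# Added example (not from the post): check that two Openswan conn blocks for one tunnel
# mirror each other. Addresses are constructed stand-ins for the post's placeholders.
SITE_A = """\
conn SiteX-to-SiteX
    authby=secret
    ike=3des-md5;modp1024
    left=198.51.100.10          # [PUBLIC IP A]
    leftsubnet=192.168.1.0/24
    right=203.0.113.20          # [PUBLIC IP B]
    rightsubnet=192.168.32.0/24
"""
# Site B is behind NAT: left is its private address, leftid the router's public one.
SITE_B = """\
conn SiteX-to-SiteX
    authby=secret
    ike=3des-md5;modp1024
    left=10.0.0.5
    leftid=203.0.113.20
    leftsubnet=192.168.32.0/24
    right=198.51.100.10
    rightsubnet=192.168.1.0/24
"""
# A common copy-paste slip: the two right= lines pasted unchanged from Site A,
# so Site B points the tunnel at its own public address and its own subnet.
SITE_B_BAD = (SITE_B.replace("right=198.51.100.10", "right=203.0.113.20")
                    .replace("rightsubnet=192.168.1.0/24", "rightsubnet=192.168.32.0/24"))

def parse_conn(text):
    """Parse one conn section into a dict; '#' starts a comment, blank lines are skipped."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith("conn "):
            continue
        key, _, value = line.partition("=")
        params[key.strip()] = value.strip()
    return params

def check_mirror(a, b):
    """Return mismatches between conn a and b ([] = they mirror); a peer must
    expect leftid when it is set (the NAT case), otherwise left."""
    checks = [
        ("A left/leftid vs B right", a.get("leftid", a.get("left")), b.get("right")),
        ("B left/leftid vs A right", b.get("leftid", b.get("left")), a.get("right")),
        ("A leftsubnet vs B rightsubnet", a.get("leftsubnet"), b.get("rightsubnet")),
        ("B leftsubnet vs A rightsubnet", b.get("leftsubnet"), a.get("rightsubnet")),
    ]
    # Proposal and auth settings must be identical on both ends or IKE will not agree.
    checks += [(k, a.get(k), b.get(k)) for k in ("authby", "ike", "phase2alg", "pfs")]
    return ["%s: %r != %r" % (name, x, y) for name, x, y in checks if x != y]
```

Running check_mirror on SITE_A against SITE_B returns an empty list, while SITE_B_BAD yields two mismatches (the peer address and the remote subnet), which is exactly what a pasted and unedited block produces.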
