192.168.1.0/24 as Subnet1
--> 192.168.1.1 : 10.10.10.1 as FreeS/Wan Router 1
--> 192.168.10.11 : ext.ip.addr.no1 as external router does nat
--> INTERNET

INTERNET
<-- ext.ip.addr.no2 : 192.168.2.1 : as FreeS/Wan Router 2
192.168.2.0/24 as Subnet 2
Your config looks screwed to me. I might be misunderstanding you (I can't see where the hell the IP 10.10.10.1 comes into things, for example), but your definition of the problem makes no sense. For example,
192.168.10.11 is this machine a gateway?
Yes, but I do not own it; that's why double NAT comes into play.
What's the gateway at the other end? You don't seem to mention one.
ext.ip.addr.no2 : 192.168.2.1, that does NAT for subnet 2
Does this mean you don't use NAT at the other end?
Both FreeS/Wan Router 1 as well as FreeS/Wan Router 1 are my boxes and act as NAT gateways for Subnet1&2
But from the IP of the freeswan machine, you use 192.168.2.1, which means you do use NAT, yes?
as above
Also, are the ext ip addresses fixed?
Yes
In theory, the machines running freeswan would need external (fixed) IPs to communicate.
That's the point here, subnet 1 gets double NATed through 10.10.10.1 and ext.ip.addr.no1
If both sites are behind NAT walls, how does your external router know how to route traffic between the subnets?
Only one side is behind a NAT wall. Just an example, 192.168.1.100 to 192.168.2.200:

192.168.1.100 --- [gateway]---> 192.168.1.1 [NAT] 10.10.10.1 --[gateway]--> 10.10.10.11[NAT] ext.ip.addr.no1 ---> INTERNET ROUTING --->ext.ip.addr.no2 [NAT]192.168.2.1----->[gateway]--->192.168.200.200

I've got no routing problem until now, but the message:

initial Main Mode message received on ext.ip.addr.2 :500 but no connection has been authorized

Further ideas?

Thx in advance
Michael