[Openswan Users] After upgrade to OpenSwan 2.6.22, VPN behind NAT stop to works...with Valid IP it's OK!

Eduardo Coelho eduardo at lettel.com.br
Tue Aug 4 07:54:12 EDT 2009


I can't get into http://bugs.openswan.org/; I always get a timeout in my browser... Can you describe the bug for me?

My real needs are:
- close IPsec tunnels to XP/Vista notebook road warriors (already working with L2TP/PSK)

conn L2TP-PSK
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        rekey=no
        type=transport
        left=%defaultroute
        leftprotoport=17/1701
        right=%any
        rightsubnet=vhost:%no,%priv
        rightprotoport=17/1701

- close IPsec tunnels to Nokia E71 (working one tunnel at a time with PSK as on http://wiki.paepstin.info/nokia:vpn)

conn E71
        ike=aes256-sha1-modp1536
        esp=aes256-sha1
        authby=secret
        auto=add
        keyingtries=10
        rekey=no
        ikelifetime=8h
        pfs=no
        modecfgpull=yes
        left=%defaultroute
        leftxauthserver=yes
        leftmodecfgserver=yes
        leftsourceip=10.28.39.1
        leftsubnet=0.0.0.0/0
        right=%any
        rightxauthclient=yes
        rightmodecfgclient=yes
        rightsourceip=10.28.39.2
        rightsubnet=10.28.39.2/32

Where I got stuck (that's why I tried the latest version, in the hope that it would fix the issues below):

- When I put the configs above together, it always tries to get the last tunnel... I need a VPN server for mobile and notebook road warriors on the same Linux box

- I can't get more than one tunnel with the mobile config above, and I have more than 50 E71s to close VPN (using L2TP with notebooks is easier because in /etc/chap-secrets I put an IP address for each user using the same L2TP-PSK conn)

What is the latest version that works with NAT-T, and what config can I use to get all this stuff working together? Thanks!

Best Regards,
Eduardo


-----Original Message-----
From: Tuomo Soini [mailto:tis at foobar.fi]
Sent: Tuesday, August 4, 2009 02:46
To: Eduardo Coelho
Cc: users at openswan.org
Subject: [Spam] Re: [Openswan Users] After upgrade to OpenSwan 2.6.22, VPN behind NAT stop to works...with Valid IP it's OK!

Eduardo Coelho wrote:

> After upgrading Openswan on Ubuntu, VPN behind NAT stopped working... with
> a valid IP it's OK!

This is a known problem with openswan-2.6.22. Check bug #1004 in the bug
system for more info.

-- 
Tuomo Soini <tis at foobar.fi>
Foobar Linux services
+358 40 5240030
Foobar Oy <http://foobar.fi/>

