<DIV><FONT size=2>
<P>Hi, All</P>
<P>I have tried to setup roadwarrior work for two weeks. Please help me if there is anything wrong with my setup.</P>
<P>Based on Nate Carlson's web, I have roadwarrior setup between window2000 and linux kernel 2.2.20, another linux box</P>
<P>run as gateway. Window(10.22.8.220) ---- gateway(external 10.22.41.115, internal 172.1.1.254) --- subnet(172.1.1.5).</P></FONT><FONT face="Courier New" size=2>
<P>linux gateway:</P>
<P>config setup</P>
<P>interfaces=%defaultroute</P>
<P>nat_traversal=yes</P>
<P>virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16</P>
<P>klipsdebug=none</P>
<P>plutodebug=all</P>
<P></P>
<P># Defaults for all connection descriptions</P>
<P>conn %default</P>
<P>keyingtries=0</P>
<P>compress=yes</P>
<P>disablearrivalcheck=no</P>
<P>authby=rsasig</P>
<P>leftrsasigkey=%cert</P>
<P>rightrsasigkey=%cert</P>
<P>conn roadwarrior-net</P>
<P>leftsubnet=172.1.1.0/24</P>
<P>also=roadwarrior</P>
<P>conn roadwarrior</P>
<P>left=%defaultroute</P>
<P>leftcert=node115.key</P>
<P>right=%any</P>
<P>rightsubnet=vhost:%no,%priv</P>
<P>auto=add</P>
<P>pfs=yes</P>
<P>//////////////////////</P>
<P>linux box in subnet(172.1.1.5/24)</P>
<P># basic configuration</P>
<P>config setup</P>
<P>interfaces=%defaultroute</P>
<P>nat_traversal=yes</P>
<P>klipsdebug=none</P>
<P>plutodebug=all</P>
<P></P>
<P># Defaults for all connection descriptions</P>
<P>conn %default</P>
<P>keyingtries=0</P>
<P>compress=yes</P>
<P>disablearrivalcheck=no</P>
<P>authby=rsasig</P>
<P>leftrsasigkey=%cert</P>
<P>rightrsasigkey=%cert</P>
<P>conn roadwarrior-net</P>
<P>leftsubnet=172.1.1.0/24</P>
<P>also=roadwarrior</P>
<P>conn roadwarrior</P>
<P>left=10.22.41.115</P>
<P>leftcert=node115.key</P>
<P>right=%defaultroute</P>
<P>rightcert=node82.key</P>
<P>auto=add</P>
<P>pfs=yes</P>
<P>//windows setup</P>
<P>conn roadwarrior</P>
<P>left=%any</P>
<P>right=10.22.41.115</P>
<P>rightca="C=US,ST=MA,L=xxx,O=xxx,OU=software,CN=xxx04072005"</P>
<P>network=auto</P>
<P>auto=start</P>
<P>pfs=yes</P>
<P>#rightsubnet=172.1.1.0/255.255.255.0</P>
<P>conn roadwarrior-net</P>
<P>left=%any</P>
<P>right=10.22.41.115</P>
<P>rightsubnet=172.1.1.0/24</P>
<P>rightca="C=US,ST=MA,L=xxx,O=xxx,OU=software,CN=xxx04072005"</P>
<P>network=auto</P>
<P>auto=start</P>
<P>pfs=yes</P>
<P>With this setup, window connects to gateway works fine, also I bring up roadwarrior</P>
<P>on node(172.1.1.5), but if I do "ipsec --up --show roadwarrior-net", it failed on</P>
<P>"route-host command exited with status 7" and "STATE_QUICK_I1: internal error".</P>
<P>I'm using openswan-1.0.9, and I rebuild the kernel. I suppose NAT-T is enabled, but</P>
<P>I did noticed there is warning said: </P>
<P>received Vendor ID payload [RFC 3947]</P>
<P>NAT-Traversal: Result using RFC3947: no NAT detected</P>
<P> </P>
<P>Your help will really appreciated.</P></FONT><FONT size=2>
<P>Lynn</P></FONT></DIV><p>
<hr size=1>Discover Yahoo!<br>
Have fun online with music videos, cool games, IM & more. <a href="http://us.rd.yahoo.com/evt=32660/*http://discover.yahoo.com/online.html">Check it out!</a>