<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:st1="urn:schemas-microsoft-com:office:smarttags" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceType"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="PlaceName"/>
<o:SmartTagType namespaceuri="urn:schemas-microsoft-com:office:smarttags"
name="place"/>
<!--[if !mso]>
<style>
st1\:*{behavior:url(#default#ieooui) }
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman";}
a:link, span.MsoHyperlink
        {color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {color:purple;
        text-decoration:underline;}
span.E-postmall17
        {mso-style-type:personal-compose;
        font-family:Arial;
        color:windowtext;}
@page Section1
        {size:612.0pt 792.0pt;
        margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span lang=SV style='font-size:10.0pt;
font-family:Arial'>Hi,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span lang=SV style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I need help with a configuration for both nat’ed and
unnat’ed clients. I have laptop computers which connect both by UMTS (nat’ed)
and directly to the internet (unnat’ed).<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>This is my working configuration for a 3G connected laptop
(Vodafone UMTS card) which uses a NAT’ed connection. But when this laptop
is connected directly to the internet with an unnat’ed connection it can’t
establish the connection. See the log dump below ….<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>config setup<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> nat_traversal=yes<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
forwardcontrol=yes<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.10.0/24<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> nhelpers=0<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>conn %default<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> keyingtries=1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> compress=yes<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
disablearrivalcheck=no<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> authby=rsasig<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
leftrsasigkey=%cert<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
rightrsasigkey=%cert<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>conn roadwarrior-3G<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> leftcert=myhostname.pem<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> pfs=no <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
left=%defaultroute<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> leftnexthop=xxx.xxx.xxx.xxx &lt;-- my ISP’s
gateway<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
leftprotoport=17/1701<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> right=%any<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
rightsubnet=vhost:%priv,%no<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>
rightprotoport=17/%any<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> auto=add<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>If I instead use the configuration section like below, the
connection works for unnat’ed clients but stops working for the 3G/UMTS
connection. And if I use both, none works! :-(<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>conn roadwarrior-other<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> leftcert=myhostname.pem<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> pfs=no<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> left=%defaultroute<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> leftprotoport=17/1701<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> right=%any<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> rightprotoport=17/%any<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'> auto=add<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Log messages when connecting unnat’ed from public IP…<br>
<br>
Jan 1 21:34:28 suid pluto[9276]: packet from xxx.xxx.xxx.xxx:500:
ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]: packet from xxx.xxx.xxx.xxx:500:
ignoring Vendor ID payload [FRAGMENTATION]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]: packet from xxx.xxx.xxx.xxx:500:
received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 <o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]: packet from xxx.xxx.xxx.xxx:500:
ignoring Vendor ID payload [Vid-Initial-Contact]<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[3] xxx.xxx.xxx.xxx #3: responding to Main Mode from
unknown peer xxx.xxx.xxx.xxx<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[3] xxx.xxx.xxx.xxx #3: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[3] xxx.xxx.xxx.xxx #3: STATE_MAIN_R1: sent MR1,
expecting MI2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[3] xxx.xxx.xxx.xxx #3: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[3] xxx.xxx.xxx.xxx #3: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[3] xxx.xxx.xxx.xxx #3: STATE_MAIN_R2: sent MR2,
expecting MI3<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[3] xxx.xxx.xxx.xxx #3: Main mode peer ID is
ID_DER_ASN1_DN: 'C=SE, ST=State, L=VST, O=SSC, CN=xxx, E=na@na.com'<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[3] xxx.xxx.xxx.xxx #3: switched from
"roadwarrior-3G" to "roadwarrior-3G"<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #3: deleting connection
"roadwarrior-3G" instance with peer xxx.xxx.xxx.xxx
{isakmp=#0/ipsec=#0}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]: "roadwarrior-3G"[4]
xxx.xxx.xxx.xxx #3: I am sending my cert<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #3: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #3: STATE_MAIN_R3: sent MR3,
ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192
prf=oakley_sha group=modp2048}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #4: responding to Quick Mode
{msgid:058452c3}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #4: transition from state
STATE_QUICK_R0 to state STATE_QUICK_R1<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:28 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #4: STATE_QUICK_R1: sent QR1,
inbound IPsec SA installed, expecting QI2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:29 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #4: route-host output:
/usr/local/lib/ipsec/_updown: doroute `ip route add 0.0.0.0/32 via xxx.xxx.xxx.xxx
dev eth0 ' failed (RTNETLINK answers: Invalid argument)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:29 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #4: transition from state
STATE_QUICK_R1 to state STATE_QUICK_R2<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:34:29 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #4: STATE_QUICK_R2: IPsec SA
established {ESP=&gt;0xb365161a &lt;0xf070206d xfrm=3DES_0-HMAC_MD5 NATD=none
DPD=none}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:35:03 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #3: received Delete
SA(0xb365161a) payload: deleting IPSEC State #4<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:35:04 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #3: received and ignored
informational message<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:35:04 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx #3: received Delete SA payload:
deleting ISAKMP State #3<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:35:04 suid pluto[9276]:
"roadwarrior-3G"[4] xxx.xxx.xxx.xxx: deleting connection
"roadwarrior-3G" instance with peer xxx.xxx.xxx.xxx
{isakmp=#0/ipsec=#0}<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:35:04 suid pluto[9276]:
"roadwarrior-3G": unroute-host output: /usr/local/lib/ipsec/_updown:
doroute `ip route delete 0.0.0.0/32 via xxx.xxx.xxx.xxx dev eth0 ' failed
(RTNETLINK answers: No such process)<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Jan 1 21:35:04 suid pluto[9276]: packet from xxx.xxx.xxx.xxx:500:
received and ignored informational message<o:p></o:p></span></font></p>
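<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Added example, not part of the original message and not Openswan code: a small Python triage script for pluto logs like the one above, reporting per conn name the peers matched, the NAT-T detection result, whether both SAs came up, any failed _updown routing command, and Delete SA payloads from the peer. The sample lines are constructed from the log format shown in the message, with documentation addresses in place of the masked ones; the function and field names are illustrative.</span></font></p>

```python
import re
from collections import defaultdict

# Constructed sample: lines shaped like the pluto output quoted in the message,
# with documentation addresses standing in for the masked xxx.xxx.xxx.xxx values.
SAMPLE_LOG = """\
Jan 1 21:34:28 suid pluto[9276]: "roadwarrior-3G"[3] 203.0.113.7 #3: responding to Main Mode from unknown peer 203.0.113.7
Jan 1 21:34:28 suid pluto[9276]: "roadwarrior-3G"[3] 203.0.113.7 #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Jan 1 21:34:28 suid pluto[9276]: "roadwarrior-3G"[4] 203.0.113.7 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
Jan 1 21:34:29 suid pluto[9276]: "roadwarrior-3G"[4] 203.0.113.7 #4: route-host output: /usr/local/lib/ipsec/_updown: doroute `ip route add 0.0.0.0/32 via 198.51.100.1 dev eth0 ' failed (RTNETLINK answers: Invalid argument)
Jan 1 21:34:29 suid pluto[9276]: "roadwarrior-3G"[4] 203.0.113.7 #4: STATE_QUICK_R2: IPsec SA established {ESP=>0xb365161a <0xf070206d xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
Jan 1 21:35:03 suid pluto[9276]: "roadwarrior-3G"[4] 203.0.113.7 #3: received Delete SA(0xb365161a) payload: deleting IPSEC State #4
"""

# "conn"[instance] peer #state: message  (instance, peer and state are optional)
LINE_RE = re.compile(r'pluto\[\d+\]: "([^"]+)"(?:\[\d+\])?(?: (\S+?))?(?: #\d+)?: (.*)$')
# _updown reports a failed routing command as: doroute `<command> ' failed (<error>)
ROUTE_FAIL_RE = re.compile(r"doroute `(.+?) *' failed \((.+)\)")


def triage(log_text):
    """Summarise, per conn name, what pluto logged for it."""
    report = defaultdict(lambda: {"peers": set(), "nat": None, "isakmp_sa": False,
                                  "ipsec_sa": False, "updown_failures": [],
                                  "peer_deletes": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # per-packet lines (vendor IDs etc.) carry no conn name
        conn, peer, msg = m.groups()
        entry = report[conn]
        if peer:
            entry["peers"].add(peer)
        if msg.startswith("NAT-Traversal: Result"):
            entry["nat"] = msg.rsplit(": ", 1)[1]  # e.g. "no NAT detected"
        elif "ISAKMP SA established" in msg:
            entry["isakmp_sa"] = True
        elif "IPsec SA established" in msg:
            entry["ipsec_sa"] = True
        elif msg.startswith("received Delete SA"):
            entry["peer_deletes"] += 1  # the peer tore the SA down
        else:
            failed = ROUTE_FAIL_RE.search(msg)
            if failed:
                entry["updown_failures"].append(failed.groups())  # (command, error)
    return dict(report)


if __name__ == "__main__":
    for conn, entry in triage(SAMPLE_LOG).items():
        print(conn, entry)
```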
</div>
</body>
</html>