<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=utf-8">
<META content="MSHTML 6.00.6000.16441" name=GENERATOR></HEAD>
<BODY style="MARGIN: 4px 4px 1px; FONT: 10pt Tahoma">
<DIV>Hi,</DIV>
<DIV>My VPN Linux server is behind a Linux Gateway/NAT. </DIV>
<DIV> </DIV>
<DIV>VPN Server ---> Gateway (eth0-10.x.x.254/24 <--> eth1-70.x.x.x) <-----> Internet <----> roadwarrior</DIV>
<DIV> </DIV>
<DIV>I've set up my /etc/ipsec.conf on the server as follows:</DIV>
<DIV> </DIV>
<DIV>version 2.0</DIV>
<DIV> </DIV>
<DIV>config setup<BR> nat_traversal=yes<BR> strictcrlpolicy=no<BR> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24</DIV>
<DIV> </DIV>
<DIV>conn %default</DIV>
<DIV> </DIV>
<DIV>conn clear<BR> auto=ignore</DIV>
<DIV> </DIV>
<DIV>conn private<BR> auto=ignore</DIV>
<DIV> </DIV>
<DIV>conn packetdefault<BR> auto=ignore</DIV>
<DIV> </DIV>
<DIV>conn clear-or-private<BR> auto=ignore</DIV>
<DIV> </DIV>
<DIV>conn private-or-clear<BR> auto=ignore</DIV>
<DIV> </DIV>
<DIV>conn block<BR> auto=ignore</DIV>
<DIV> </DIV>
<DIV>conn OEself<BR> auto=ignore</DIV>
<DIV> </DIV>
<DIV>conn roadwarrior-l2tp<BR> leftprotoport=17/0<BR> rightprotoport=17/1701<BR> also=roadwarrior</DIV>
<DIV> </DIV>
<DIV>conn roadwarrior-l2tp-updatedwin<BR> leftprotoport=17/1701<BR> rightprotoport=17/1701<BR> also=roadwarrior</DIV>
<DIV> </DIV>
<DIV>conn roadwarrior-all<BR> leftsubnet=0.0.0.0/0<BR> also=roadwarrior</DIV>
<DIV> </DIV>
<DIV>conn L2TP-CERT<BR> # ...Existing parameters<BR> left=10.x.x.x<BR> leftnexthop=10.x.x.254<BR> rightsubnet=vhost:%no,%priv</DIV>
<DIV> </DIV>
<DIV>conn roadwarrior<BR> authby=rsasig<BR> auto=add<BR> esp=aes,3des<BR> keyingtries=3<BR> left=%defaultroute<BR> leftcert=path/xxx_01.pem<BR> leftid="x.x.x.x"<BR> leftrsasigkey=%cert<BR> pfs=yes<BR> right=%any<BR> rightrsasigkey=%cert</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV>Windows roadwarrior is as follows:</DIV>
<DIV> </DIV>
<DIV>conn me_to_vpngateway<BR> pfs=yes<BR> auto=start<BR> network=auto<BR> left=%any<BR> right=DNSname (FQDN) of server</DIV>
<DIV> rightca="xxxxx"<BR></DIV>
<DIV> </DIV>
<DIV>The routes have been set up on the gateway/router and vpn server:<BR></DIV>
<DIV>So now the road warrior is trying to connect to the vpn gateway through the gateway and it's failing. I've followed the links <A href="http://www.natecarlson.com/linux/ipsec-x509-fs1.php">http://www.natecarlson.com/linux/ipsec-x509-fs1.php</A>, <A href="http://www.jacco2.dds.nl/networking/openswan-l2tp.html#serverNATed">http://www.jacco2.dds.nl/networking/openswan-l2tp.html#serverNATed</A> and <A href="http://www.jacco2.dds.nl/networking/win2000xp-openswan.html#SP2">http://www.jacco2.dds.nl/networking/win2000xp-openswan.html#SP2</A> (Windows registry addition) but with no success. I receive Error 789 from the Windows client. Certificates are fine, packets received on the gateway/router are successful on port 500, but the vpn server doesn't communicate. What should I do?? Please help!!!</DIV>
<DIV> </DIV>
<DIV>Peter</DIV>
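<DIV>Added example (editor's note, not part of Peter's message or of Openswan itself): the server config above depends on two NAT-related settings, nat_traversal=yes and a virtual_private list that excludes the server's own LAN (the posted list excludes 192.168.1.0/24 while the server's LAN is 10.x.x.0/24). The Python below parses an ipsec.conf with conn %default and also= inheritance resolved and reports on exactly those two settings; the embedded config and the 10.1.2.0/24 subnet are constructed stand-ins for the poster's 10.x.x.x values.</DIV>

```python
# Added example (not from the original post): resolve "conn %default" and "also=" inheritance
# in an Openswan-style ipsec.conf, then flag settings that matter once the server sits behind NAT.
import ipaddress, re
# Constructed config mirroring the poster's layout; 10.1.2.0/24 stands in for the 10.x.x.0/24 LAN.
SAMPLE_CONF = """config setup
 nat_traversal=yes
 virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24
conn %default
 keyingtries=3
conn roadwarrior-l2tp
 leftprotoport=17/0
 also=roadwarrior
conn roadwarrior
 authby=rsasig
 left=%defaultroute
 leftsubnet=10.1.2.0/24
 right=%any
"""

def parse_ipsec_conf(text):
    """Return (setup_params, {conn: params}); a conn's own keys win over also= and %default."""
    sections, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()                 # drop comments
        head = re.match(r"^(config|conn)\s+(\S+)", line)     # section headers start in column 0
        if head:
            cur = sections.setdefault(head.group(2), {})
        elif cur is not None and "=" in line:
            key, val = line.strip().split("=", 1)
            cur[key.strip()] = val.strip()
    def resolve(name, seen=()):                               # 'seen' guards against also= loops
        params = dict(sections.get(name, {})) if name not in seen else {}
        for ref in params.pop("also", "").split():
            params = {**resolve(ref, seen + (name,)), **params}
        return params
    conns = [n for n in sections if n not in ("setup", "%default")]
    return sections.get("setup", {}), {n: {**sections.get("%default", {}), **resolve(n)} for n in conns}

def nat_findings(setup, conns):   # returns (section, message) pairs for NAT-relevant problems
    findings = []
    if setup.get("nat_traversal", "no") != "yes":
        findings.append(("setup", "nat_traversal=yes is required when either side is behind NAT"))
    nets = [e[4:] for e in setup.get("virtual_private", "").split(",") if e.startswith("%v4:")]
    for name, p in conns.items():
        lan = ipaddress.ip_network(p.get("leftsubnet", "0.0.0.0/0"), strict=False)
        covered = any(not n.startswith("!") and lan.subnet_of(ipaddress.ip_network(n)) for n in nets)
        excluded = any(n.startswith("!") and ipaddress.ip_network(n[1:]) == lan for n in nets)
        if covered and not excluded:   # a client could claim a virtual IP inside the server's own LAN
            findings.append((name, f"virtual_private covers local {lan} but lacks %v4:!{lan}"))
    return findings
```

Running `nat_findings(*parse_ipsec_conf(SAMPLE_CONF))` reports the missing `%v4:!10.1.2.0/24` exclusion for both conns, since roadwarrior-l2tp inherits leftsubnet through also=roadwarrior.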
<DIV><BR> </DIV></BODY></HTML>