<span id="result_box" class="" lang="en">Hello,<br><br>I quit using Linux and Openswan to access the VPN, thanks to help from everyone, but I will continue to use Windows with the Check Point client software. As I said before, I am a developer and I know very well the area of networking.<br>
<br>Thanks.<br>Victor Jabur<br></span><br><div class="gmail_quote">2011/8/1 Willie Gillespie <span dir="ltr"><<a href="mailto:wgillespie%2Bopenswan@es2eng.com">wgillespie+openswan@es2eng.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Try adding UDP port 4500 also (which allows for NAT-T)<br>
<div class="im"><br>
On 07/28/2011 01:33 PM, <a href="mailto:victorjabur@gmail.com">victorjabur@gmail.com</a> wrote:<br>
> I'm not an expert on infrastructure. I'm a developer and I don't have much<br>
> knowledge about firewalls and Linux.<br>
><br>
> I tried to run these commands to open the UDP Port 500.<br>
><br>
> iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT<br>
> iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT<br>
> # we need to allow ESP<br>
> iptables -A INPUT -p 50 -j ACCEPT<br>
> iptables -A OUTPUT -p 50 -j ACCEPT<br>
> # and AH<br>
> iptables -A INPUT -p 51 -j ACCEPT<br>
> iptables -A OUTPUT -p 51 -j ACCEPT<br>
><br>
> iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT<br>
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE<br>
><br>
><br>
> But the same message persists.<br>
><br>
> 1) Which commands should I execute to resolve this error?<br>
> 2) What ports and rules should be appended to the firewall to make Openswan<br>
> work on Linux? Is there any document for this?<br>
><br>
> Thanks.<br>
> Victor<br>
><br>
</div>> 2011/7/28 Paul Wouters <<a href="mailto:paul@xelerance.com">paul@xelerance.com</a> <mailto:<a href="mailto:paul@xelerance.com">paul@xelerance.com</a>>><br>
<div class="im">><br>
> On Thu, 28 Jul 2011, <a href="mailto:victorjabur@gmail.com">victorjabur@gmail.com</a><br>
</div><div class="im">> <mailto:<a href="mailto:victorjabur@gmail.com">victorjabur@gmail.com</a>> wrote:<br>
><br>
> I corrected the command leftxauthuser to leftxauthusername and it<br>
> works.<br>
><br>
> This is the current log; can you tell me why the connection<br>
> isn't working?<br>
><br>
><br>
> 000 #2: "company":500 STATE_MAIN_I1 (sent MI1, expecting MR1);<br>
> EVENT_RETRANSMIT in 22s; nodpd; idle; import:admin<br>
><br>
> Your first packet is not received or answered. Check firewall rules.<br>
><br>
> Paul<br>
><br>
><br>
><br>
><br>
><br>
><br>
</div>> _______________________________________________<br>
> <a href="mailto:Users@openswan.org">Users@openswan.org</a><br>
> <a href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users</a><br>
> Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy" target="_blank">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a><br>
> Building and Integrating Virtual Private Networks with Openswan:<br>
> <a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a><br>
</blockquote></div><br><br clear="all"><br>
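The firewall advice in this thread, as an added example that is not part of the original messages: a shell check that reads `iptables -A` commands as text and reports whether IKE (UDP 500), NAT-T (UDP 4500) and ESP (protocol 50) are accepted on INPUT and OUTPUT. The function names are hypothetical, the rule list is copied from the quoted message, and only `-A`, `-p`, `--dport` and `-j` are inspected (chain policies and other matches such as `--sport` are ignored).

```shell
#!/bin/sh
# Added example: audit "iptables -A ..." commands for the traffic IPsec needs.
# Rules are read as text on stdin; nothing is applied to the host.

# Rules posted in the thread (copied from the quoted message, FORWARD/NAT omitted).
POSTED_RULES='iptables -A INPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A OUTPUT -p udp --sport 500 --dport 500 -j ACCEPT
iptables -A INPUT -p 50 -j ACCEPT
iptables -A OUTPUT -p 50 -j ACCEPT
iptables -A INPUT -p 51 -j ACCEPT
iptables -A OUTPUT -p 51 -j ACCEPT'

# rule_accepts CHAIN PROTO [DPORT]: succeed if $RULES holds an ACCEPT rule on
# CHAIN for PROTO whose --dport is DPORT or is not restricted at all.
rule_accepts() {
    printf '%s\n' "$RULES" | awk -v chain="$1" -v proto="$2" -v dport="${3:-}" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            c = ""; p = ""; d = ""; t = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-A") c = $(i + 1)
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") t = $(i + 1)
            }
            if (p == "esp") p = "50"             # accept name or number for ESP
            if (p == "17") p = "udp"             # accept number or name for UDP
            if (c == chain && p == proto && t == "ACCEPT" &&
                (dport == "" || d == "" || d == dport)) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# ipsec_gaps: read rules on stdin, print one line per missing allowance.
ipsec_gaps() {
    RULES=$(cat)
    for chain in INPUT OUTPUT; do
        rule_accepts "$chain" udp 500  || echo "$chain: UDP 500 (IKE) not accepted"
        rule_accepts "$chain" udp 4500 || echo "$chain: UDP 4500 (NAT-T) not accepted"
        rule_accepts "$chain" 50       || echo "$chain: protocol 50 (ESP) not accepted"
    done
}

# Audit the posted rules: only the NAT-T port is reported as missing.
printf '%s\n' "$POSTED_RULES" | ipsec_gaps
```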