<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
You will probably have to set leftid or rightid to @your_public_ip
for your PC B.<br>
<br>
Nick<br>
<br>
<div class="moz-cite-prefix">On 26/11/2014 00:28, Ted Victorio
wrote:<br>
</div>
<blockquote
cite="mid:191363364.661495.1416961692034.JavaMail.yahoo@jws100116.mail.ne1.yahoo.com"
type="cite">
<div style="color:#000; background-color:#fff;
font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial,
Lucida Grande, sans-serif;font-size:16px">
<div id="yui_3_16_0_1_1416960280967_4196" dir="ltr">Hi Neal,<br
style="" class="">
No joy with 'forceencaps=yes' to either side or both.<br
style="" class="">
I removed DMZ setup for PC B and set router to forward UDP 500
and 4500 for IPsec &amp; NAT-T.<br style="" class="">
Same ipsec.conf &amp; ipsec.secrets. Again, the link initiates
from 90.0.0.9-to--192.168.1.150 fine, but won't initiate<br
style="" class="">
in reverse.<br style="" class="">
Thanks,<br style="" class="">
<br style="" class="">
Neal Murphy wrote:<br style="" class="">
> As a guess, add 'forceencaps=yes' to B's config; that
should force it to start <br style="" class="">
> with NAT traversal.<br style="" class="">
<br style="" class="">
On Monday, November 24, 2014 01:35:35 AM Ted Victorio wrote:<br
style="" class="">
> Hello gurus,<br style="" class="">
> <br style="" class="">
> My IPsec link (90.0.0.9--192.168.1.150) works fine if PC
A initiates "ipsec<br style="" class="">
> auto --up A_to_B" However, if PC B initiates "ipsec auto
--up B_to_A", the<br style="" class="">
> handshake fails since the router converts main mode 1
from 192.168.1.150<br style="" class="">
> as if IPsec initiated from 90.0.0.3. Appreciate any
suggestion to solve<br style="" class="">
> this.<br style="" class="">
>Thank you,<br style="" class="">
><br style="" class="">
><br style="" class="">
><br style="" class="">
>Notes:<br style="" class="">
>1) PC B is configured as DMZ behind Trendnet router<br
style="" class="">
>2) nat_traversal=yes for both PC A &amp; PC B<br style=""
class="">
><br style="" class="">
>209.0.0.9<br style="" class="">
>PC A (openswan)<br style="" class="">
>90.0.0.9<br style="" class="">
> |<br style="" class="">
> |<br style="" class="">
> |<br style="" class="">
>90.0.0.3<br style="" class="">
>Trendnet TEW-432BRP ROUTER<br style="" class="">
>192.168.1.1<br style="" class="">
> |<br style="" class="">
> |<br style="" class="">
> |<br style="" class="">
>192.168.1.150 #DMZ#<br style="" class="">
>PC B (openswan)<br style="" class="">
><br style="" class="">
><br style="" class="">
>PC A ipsec.conf:<br style="" class="">
>================<br style="" class="">
>config setup<br style="" class="">
> nat_traversal=yes<br style="" class="">
>
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16<br
style="" class="">
><br style="" class="">
>conn A_to_B<br style="" class="">
> type=tunnel<br style="" class="">
> authby=secret<br style="" class="">
> left=90.0.0.9<br style="" class="">
> leftsubnet=209.0.0.0/24<br style="" class="">
> leftnexthop=90.0.0.3<br style="" class="">
> right=192.168.1.150<br style="" class="">
> rightsubnet=192.168.1.150/32<br style="" class="">
> auto=add<br style="" class="">
><br style="" class="">
>PC A ipsec.secrets:<br style="" class="">
>-------------------<br style="" class="">
>90.0.0.9 192.168.1.150 : PSK "test123"<br style=""
class="">
><br style="" class="">
><br style="" class="">
>PC B ipsec.conf:<br style="" class="">
>================<br style="" class="">
>config setup<br style="" class="">
> nat_traversal=yes<br style="" class="">
>
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16<br
style="" class="">
><br style="" class="">
>conn B_to_A<br style="" class="">
> type=tunnel<br style="" class="">
> authby=secret<br style="" class="">
> left=90.0.0.9<br style="" class="">
> leftsubnet=209.0.0.0/24<br style="" class="">
> right=192.168.1.150<br style="" class="">
> rightsubnet=192.168.1.150/32<br style="" class="">
> auto=add<br style="" class="">
><br style="" class="">
>PC B ipsec.secrets:<br style="" class="">
>-------------------<br style="" class="">
>192.168.1.150 90.0.0.9 : PSK "test123"<br style=""
class="">
</div>
</div>
</blockquote>
<br>
</body>
</html>