[Openswan Users] openswan and red hat enterprise

Stephen Wong stephen.wong at avacue.com
Thu Apr 1 13:52:21 CEST 2004


Paul,

I probably need your help too.

My problem is very similar to the one in the previous conversation.

I am using RedHat ES 3 with the backport.  I did find that I have the esp4 module.  What I did is I compiled the userland program using the packing/redhat/openswan.26spec.  My problem is weird: I can connect without any problem if both server and client are directly connected to the internet.  Once my client is behind the NAT router, the server stays in STATE_MAIN_R2 forever, waiting for MI3 to come.  Any hint?

My ipsec.conf file (with OE disabled) is like this
version 2.0

config setup
        interfaces=%defaultroute
        plutodebug=no
        uniqueids=yes
        nat_traversal=yes

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        esp=3des
        leftupdown="/etc/ipsec_updown.sh"
        leftcert=vpn.pem
        left=%defaultroute
        leftrsasigkey=%cert
        right=%any
        rightrsasigkey=%cert
        rightca=%same

conn rwarrior
        leftsubnet=10.0.0.0/8
        auto=add
        pfs=yes

My ipsec.secrets file is like this
: RSA vpn.pem

Thanks,
Stephen.