[Openswan Users] openswan and red hat enterprise

Stephen Wong stephen.wong at avacue.com
Thu Apr 1 16:47:14 CEST 2004


REPOST to remove the HTML part for easy reading.

Can anyone please kindly help?

My problem is very similar to the one in the previous conversation.

I am using RedHat ES 3 with the backport.  I did find that I have the esp4
module.  What I did was compile the userland program using the
packing/redhat/openswan.26spec.  My problem is weird: I can connect without
any problem if both server and client are directly connected to the internet.
Once my client is behind the NAT router, the server stays in STATE_MAIN_R2
forever, waiting for MI3 to come.  Any hint?

My ipsec.conf file (with OE disabled) is like this:

version 2.0

config setup
        interfaces=%defaultroute
        plutodebug=no
        uniqueids=yes
        nat_traversal=yes

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        esp=3des
        leftupdown="/etc/ipsec_updown.sh"
        leftcert=vpn.pem
        left=%defaultroute
        leftrsasigkey=%cert
        right=%any
        rightrsasigkey=%cert
        rightca=%same

conn rwarrior
        leftsubnet=10.0.0.0/8
        auto=add
        pfs=yes

My ipsec.secrets file is like this:

: RSA vpn.pem

Thanks,
Stephen.


