[Openswan Users] openswan and red hat enterprise

Stephen Wong stephen.wong at avacue.com
Fri Apr 2 18:16:32 CEST 2004


If I am having an error in my X509 setup, then why does the X509 connection work
when the client is not behind the NAT firewall?  This problem is almost driving
me crazy.  Please kindly help.

Stephen.

----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: "Stephen Wong" <stephen.wong at avacue.com>
Cc: <users at lists.openswan.org>
Sent: Fri, Apr 02, 2004 16:41
Subject: Re: [Openswan Users] openswan and red hat enterprise


> On Fri, 2 Apr 2004, Stephen Wong wrote:
>
> > With exactly the same config, and changing to a preshared secret instead of
> > an X509 certificate, the connection can then be successfully established
>
> Then you will likely still have an error in your certificate setup.
>
> > but cannot
> > even ping the remote host.  Tcpdump found no packet except the esp packets.
> > I suppose the esp packet will be decoded to normal packets when it goes in
> > the vpn server.
>
> These are other problems. Run 'ipsec verify' on the vpnserver for some hints.
> This could be a firewalling issue, a forwarding issue, or a packet mangle issue
> (NATing ipsec packets by accident), etc etc.
>
> Paul
>
> > Please kindly help.
> >
> > Thanks.
> >
> > ----- Original Message ----- 
> > From: "Paul Wouters" <paul at xelerance.com>
> > To: "Stephen Wong" <stephen.wong at avacue.com>
> > Cc: <users at lists.openswan.org>
> > Sent: Thu, Apr 01, 2004 20:10
> > Subject: Re: [Openswan Users] openswan and red hat enterprise
> >
> >
> > > On Thu, 1 Apr 2004, Stephen Wong wrote:
> > >
> > > > conn rwarrior
> > > >         leftsubnet=10.0.0.0/8
> > > >         auto=add
> > > >         pfs=yes
> > >
> > > I don't think you mean to say that the roadwarrior has the entire 10/8
> > > space behind it. I also didn't see any virtual_private line or a
> > > subnetwithin statement anywhere.
> > >
> > > Read the X.509 documentation on how to configure one of those.
> > >
> > > Paul
> > >
> >
>
> -- 
> It's amazing how quickly someone can go from talking about being on the
> cutting edge, and fighting for freedom and liberty and information wants
> to be free, to becoming a total right wing reactionary censorship wacko,
> if naked girls are involved.        --- Aaron, producer of haxxxor
>
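
Added example, not part of the original thread and not either poster's actual configuration: a sketch of an Openswan ipsec.conf for an X.509 roadwarrior that may sit behind NAT, using the virtual_private line and a vhost subnet as mentioned in Paul's reply of 1 April. All addresses and the certificate file name are constructed placeholders.

```conf
# /etc/ipsec.conf on the VPN server (constructed example values)
version 2.0

config setup
        # Allow IKE/ESP encapsulation in UDP for clients behind NAT.
        nat_traversal=yes
        # Private ranges a NATed client may claim as its own address.
        # The server's own LAN (assumed here to be 10.1.0.0/16) is
        # excluded with "!" so a client cannot claim addresses in it.
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!10.1.0.0/16

conn rwarrior
        # Server side
        left=%defaultroute
        leftsubnet=10.1.0.0/16          # LAN behind the server (assumed)
        leftcert=vpnserver.pem          # placeholder certificate file name
        leftrsasigkey=%cert
        # Roadwarrior side: any source address, identified by certificate
        right=%any
        rightrsasigkey=%cert
        # %no   accepts a client that is not behind NAT (its public IP)
        # %priv accepts a NATed client whose inner address falls inside
        #       the virtual_private ranges above
        rightsubnet=vhost:%no,%priv
        pfs=yes
        auto=add
```

Without the vhost entry the server only accepts a peer whose tunnel address equals the address it connects from, which holds for a directly connected client but not for one whose packets arrive from a NAT gateway's address.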


