[Openswan Users] openswan and red hat enterprise

Stephen Wong stephen.wong at avacue.com
Fri Apr 2 18:40:30 CEST 2004


Thanks for your kindly help Paul.  On the WinXP end, I am using SSH Sentinel
1.4, therefore, I don't have the ipsec.conf for you.

Let me clarify a bit, there are totally 3 senerios,

1. The server side ipsec.conf I posted last time work fine with the SSH
Sentinel client when both client and server is directly connected to the
Internet.  And everything works fine after the connect is established, i.e.
can ping, can telnet, etc.

2. When client is hide behind NAT firewall, preshare secret mode can
connect, but cannot even ping.

3. When client is hide behind NAT firewall and using X509 certificate, the
server keep on waiting for MI3 and retransmission of STATE_MAIN_R2.

Thanks a million !!!
Stephen.

----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: "Stephen Wong" <stephen.wong at avacue.com>
Cc: <users at lists.openswan.org>
Sent: Fri, Apr 02, 2004 15:30
Subject: Re: [Openswan Users] openswan and red hat enterprise


> On Fri, 2 Apr 2004, Stephen Wong wrote:
>
> > If I am having an error in my X509 setup, then why the x509 connection
works
> > when the client is not behind the NAT firewall.  This problem almost
drive
> > me crazy.  Please kindly help.
>
> You only posted a part of your ipsec.conf of one end, so I can't really
> say more about your setup.
>
> I would need to see the full ipsec.conf of the server, or a 'ipsec barf'
> and if using the win2k native ipsec, also the ipsec.conf of the win2k
> machine.
>
> Paul



More information about the Users mailing list