[Openswan Users] OpenSwan on RH ES 3

rspeelmans at mainit.nl rspeelmans at mainit.nl
Tue Apr 20 09:56:32 CEST 2004


Hi,

I have installed OpenSwan 2.1.2rc3 on RedHat ES 3. RedHat's ipsec-tools
package is installed, version 0.2.2-7.

I have it sort of working: I can connect to it, but when I'm trying to
connect through NAT-T I get an error.

My OpenSwan server has the following IP addresses:
213.201.157.1 (extern)
192.168.200.1 (intern)

The side that is trying to connect has the following ip addresses:
213.201.157.2 (a linux router, firewall temporarily disabled)
192.168.20.6 (windows xp client)

On the linux router (213.201.157.2) I also have FreeSwan installed and I
can connect to the OpenSwan box without any problem. But when I'm trying
to connect with my XP client I get the following error in my log file:

"nattest"[2] 213.201.157.2:1 #3: responding to Main Mode from unknown peer 
213.201.157.2:1
"nattest"[2] 213.201.157.2:1 #3: transition from state (null) to state 
STATE_MAIN_R1
"nattest"[2] 213.201.157.2:1 #3: transition from state STATE_MAIN_R1 to 
state STATE_MAIN_R2
"nattest"[2] 213.201.157.2:1 #3: Peer ID is ID_IPV4_ADDR: '192.168.20.6'
"nattest"[3] 213.201.157.2:1 #3: deleting connection "nattest" instance 
with peer 213.201.157.2 {isakmp=#0/ipsec=#0}
"nattest"[3] 213.201.157.2:1 #3: transition from state STATE_MAIN_R2 to 
state STATE_MAIN_R3
"nattest"[3] 213.201.157.2:1 #3: sent MR3, ISAKMP SA established
"nattest"[3] 213.201.157.2:1 #3: cannot respond to IPsec SA request 
because no connection is known for 
192.168.200.0/24===213.201.157.1...213.201.157.2:1[192.168.20.6]===192.168.20.6/32

My ipsec.conf looks as follows:
-----------------------------------------------------------
config setup
        uniqueids=yes
        plutodebug=none
        klipsdebug=none
        interfaces=%defaultroute
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/16,%v4:192.168.0.0/16

conn %default
        keyingtries=0
        disablearrivalcheck=no

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

conn nattest
        right=%any
        rightsubnet=vhost:%no,%priv
        type=tunnel
        auto=add
        keyingtries=3
        authby=secret
        left=213.201.157.1
        leftnexthop=213.201.157.153
        leftsubnet=192.168.200.0/24
        pfs=yes
----------------------------------------------------------------

What am I doing wrong? I have installed OpenSwan by doing "make programs; 
make install"

Thanks in advance,

Richard Speelmans
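An added example (not from the post or from Openswan): it parses the "cannot respond to IPsec SA request" line quoted above to pull out the subnet/endpoint tuple pluto could not match, and then checks the peer's proposed subnet against the virtual_private ranges and leftsubnet from the ipsec.conf, the way a vhost:%priv match is expected to behave. The log line and config values are constructed copies of the ones in the post; the check itself is illustrative and not pluto's actual matching code.

```python
import ipaddress
import re

# Constructed copies of the ipsec.conf values and the pluto log line from the post.
VIRTUAL_PRIVATE = "%v4:10.0.0.0/8,%v4:172.16.0.0/16,%v4:192.168.0.0/16"
LEFTSUBNET = "192.168.200.0/24"
LOG_LINE = ('"nattest"[3] 213.201.157.2:1 #3: cannot respond to IPsec SA request '
            'because no connection is known for '
            '192.168.200.0/24===213.201.157.1...213.201.157.2:1[192.168.20.6]===192.168.20.6/32')

# pluto prints the unmatched request as LEFTSUBNET===LEFT...RIGHT[PEER-ID]===RIGHTSUBNET
REQ_RE = re.compile(
    r'no connection is known for (?P<lsub>\S+?)===(?P<left>\S+?)\.\.\.'
    r'(?P<right>[^\[\s]+)\[(?P<rid>[^\]]+)\]===(?P<rsub>\S+)')


def parse_rejected_request(line):
    """Return the subnet/endpoint fields of a rejected IPsec SA request, or None."""
    m = REQ_RE.search(line)
    return m.groupdict() if m else None


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) network lists."""
    allowed, excluded = [], []
    for item in value.split(","):
        _family, _, net = item.partition(":")      # e.g. "%v4", "10.0.0.0/8"
        if net.startswith("!"):                     # "%v4:!x" excludes a range
            excluded.append(ipaddress.ip_network(net[1:]))
        else:
            allowed.append(ipaddress.ip_network(net))
    return allowed, excluded


def check_priv(rightsubnet, virtual_private, leftsubnet):
    """Explain whether a peer's proposed subnet is acceptable for vhost:%priv.

    Illustrative check (assumption): the subnet must sit inside an allowed
    virtual_private range, outside every excluded one, and not overlap leftsubnet.
    """
    rsub = ipaddress.ip_network(rightsubnet)
    lsub = ipaddress.ip_network(leftsubnet)
    allowed, excluded = parse_virtual_private(virtual_private)
    if not any(rsub.subnet_of(n) for n in allowed):
        return "not inside any virtual_private range"
    if any(rsub.overlaps(n) for n in excluded):
        return "inside an excluded (!) virtual_private range"
    if rsub.overlaps(lsub):
        return "overlaps leftsubnet"
    return "ok"
```

For the post's values the proposed 192.168.20.6/32 passes this check, so the virtual_private ranges by themselves do not explain the rejection; note also that the 172.16.0.0/16 entry covers only 172.16.x.x, not the whole RFC 1918 172.16.0.0/12 block.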