[Openswan Users] but no connection has been authorized
Davide Giunchi
davidegiunchi at libero.it
Thu Dec 16 18:48:44 CET 2004
On Thu, 16-12-2004 at 16:51 +0100, O-Zone wrote:
> At 16:48, Thursday 16 December 2004, Davide Giunchi wrote:
> > I'm trying to setup openswan on two debian testing, one has a fixed ip
> > address and is under NAT (a netgear adsl router), the second is under
> > NAT and has a dynamic ip, so i'm trying to connect from the dynamic ip
> > (road warrior) to the fixed one.
> > leftsubnet=192.168.0.0/24
> > leftnexthop=192.168.0.254
>
> The "leftnexthop" should be the router's IP on the Internet side, not the
> internal LAN IP.
>
Ok, I've modified the ipsec.conf as shown above:

version 2

include /etc/ipsec.d/examples/no_oe.conf

config setup
        nat_traversal=yes

conn ufficio
        # left is the office
        left=192.168.0.1
        leftid=@test.example
        leftsubnet=192.168.0.0/24
        leftnexthop=81.74.71.x
        leftrsasigkey=0sAxxxx
        # right is the laptop at home or on the road
        right=%any
        rightid=@davide.example.com
        rightrsasigkey=0sAxxxx
        authby=rsasig
        auto=add

If I run

#ipsec auto --up ufficio
022 "ufficio": We cannot identify ourselves with either end of this connection.

If I change "right" with the internal IP (even if it's the road warrior)
and rightnexthop with the external IP I get the following errors:

# ipsec auto --up ufficio-davide
104 "ufficio-davide" #1: STATE_MAIN_I1: initiate
010 "ufficio-davide" #1: STATE_MAIN_I1: retransmission; will wait 20s for response
010 "ufficio-davide" #1: STATE_MAIN_I1: retransmission; will wait 40s for response

And on the other side, in syslog.log, I can't see anything in the logs.

> RTFM :-)
>
I've read this false information in the howto on
www.sistemistiindipendenti.org.
Regards.
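
The 022 message quoted in the post is what pluto prints when neither left nor right names an address on one of the host's own interfaces. The following is an added example (not part of the original message and not Openswan code) that models that check in simplified form over a constructed subset of the posted conn; the local addresses passed to it, such as 10.0.0.5, are assumptions.

```python
import ipaddress

# Constructed sample: a subset of the conn from the post (keys and the
# elided next-hop address are left out because the check does not use them).
SAMPLE_CONF = """\
conn ufficio
    # left is the office
    left=192.168.0.1
    leftid=@test.example
    leftsubnet=192.168.0.0/24
    right=%any
    rightid=@davide.example.com
    authby=rsasig
    auto=add
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line starts a section
            words = line.split()
            is_conn = words[0] == "conn" and len(words) > 1
            current = conns.setdefault(words[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def orient(conn, local_addrs, defaultroute_addr=None):
    """Return 'left' or 'right' for the end that is this host, else None.

    None corresponds to the "cannot identify ourselves" condition.
    """
    local = {ipaddress.ip_address(a) for a in local_addrs}
    for side in ("left", "right"):
        value = conn.get(side, "")
        if value == "%defaultroute" and defaultroute_addr:
            value = defaultroute_addr          # resolved by the caller (assumption)
        if value.startswith("%"):              # %any never names this host
            continue
        try:
            if ipaddress.ip_address(value) in local:
                return side
        except ValueError:
            continue                           # hostname or elided value: not resolved here
    return None
```

Run with the local addresses of the machine the file is loaded on: with the posted conn, a host holding 192.168.0.1 orients as left, while a road warrior holding only 10.0.0.5 gets None.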