[Openswan Users] vpn server and DNAT
Jacco de Leeuw
jacco2 at dds.nl
Fri Dec 17 11:44:27 CET 2004
Tomasz Grzelak wrote:
> [vpn client] ------------ eth1[router]eth0 ------------ eth2[vpn server]
>
> eth1=xx.xx.xx.xx (public IP)
> eth0=yy.yy.yy.yy (private IP)
> eth2=yy.yy.yy.zz (private IP)
>
> When a client tries to connect, an SA is established (using a tunnel mode
> (NAT-T))
Tunnel mode? I thought L2TP over IPsec is always transport mode? Or do
you consider the UDP encapsulation in NAT-T as a form of "tunnel mode"?
Don't confuse this term, because it has a very specific meaning in IPsec.
> but L2TP connection fails - openswan does not reply to a client,
> and in the /var/log/auth.log I have: "Cannot respond to IPSec SA request
> because no connection is known for xx.xx.xx.xx".
Apparently there is a mismatch between your ipsec.conf and how the
connection turns out to be. Perhaps you could post your ipsec.conf
and some other details.
BTW, I did not get this working myself. I seemed to get the IPsec connection
working but the L2TP part failed.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
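A small check for the mismatch Jacco suspects, written as an added example for this thread (it is not Openswan code and not the poster's configuration): it parses an ipsec.conf, takes the peer address out of the pluto log line, and reports whether any conn admits that peer and whether that conn carries the settings an L2TP/IPsec road-warrior behind NAT-T needs. The ipsec.conf, the addresses (RFC 5737 documentation ranges) and the log line are constructed; the file layout and option names (type=transport, leftprotoport=17/1701, nat_traversal=yes, auto=add, also=, %default) are Openswan's own.

```python
import re
from typing import Dict, List, Optional, Tuple

Section = Dict[str, str]

# Constructed ipsec.conf for the scenario in the thread: the VPN server sits on a
# private address and the router DNATs UDP 500/4500 to it. Not the poster's file.
SAMPLE_CONF = """\
version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16

conn %default
    keyingtries=3
    authby=secret

conn l2tp-psk
    also=l2tp-common
    right=%any                 # road warriors from anywhere
    auto=add

conn l2tp-common
    type=transport             # L2TP/IPsec uses transport mode, not tunnel mode
    pfs=no
    left=192.168.1.2           # private address of the VPN server behind the router
    leftprotoport=17/1701
    rightprotoport=17/%any
"""

# Constructed log line in the shortened form quoted in the thread.
LOG_LINE = ('Dec 17 11:40:01 vpn pluto[4711]: Cannot respond to IPSec SA request '
            'because no connection is known for 203.0.113.7')

PEER_RE = re.compile(r"no connection is known for ([0-9.]+)")


def parse_ipsec_conf(text: str) -> Tuple[Section, Dict[str, Section]]:
    """Return (config setup options, {conn name: merged options}).

    Section headers ("conn NAME", "config setup") start in column 0, options are
    indented key=value lines, '#' starts a comment. "conn %default" and "also="
    references are folded into each conn, as Openswan does when loading the file.
    """
    sections: Dict[str, Section] = {}
    current: Optional[Section] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():                      # section header
            kind, _, name = line.strip().partition(" ")
            if kind == "version":
                current = None
                continue
            key = "config setup" if kind == "config" else name.strip()
            current = sections.setdefault(key, {})
            continue
        if current is None:
            continue
        k, sep, v = line.strip().partition("=")
        if not sep:
            continue
        if k == "also":                                # may repeat; keep all targets
            current["also"] = (current.get("also", "") + " " + v).strip()
        else:
            current[k] = v.strip()

    def resolve(name: str, seen: Tuple[str, ...] = ()) -> Section:
        own = sections.get(name, {})
        merged: Section = {}
        for other in own.get("also", "").split():
            if other not in seen:
                merged.update(resolve(other, seen + (name,)))
        merged.update({k: v for k, v in own.items() if k != "also"})
        return merged

    defaults = resolve("%default")
    conns = {name: {**defaults, **resolve(name)}
             for name in sections if name not in ("config setup", "%default")}
    return sections.get("config setup", {}), conns


def peer_from_log(line: str) -> Optional[str]:
    """Address pluto could not find a conn for, or None if the line is unrelated."""
    m = PEER_RE.search(line)
    return m.group(1) if m else None


def conns_for_peer(conns: Dict[str, Section], peer_ip: str) -> List[str]:
    """Conns whose right= admits this peer: an exact address or the %any wildcard."""
    return sorted(n for n, c in conns.items() if c.get("right") in ("%any", peer_ip))


def l2tp_problems(setup: Section, conn: Section) -> List[str]:
    """Settings an L2TP/IPsec conn for NAT-T'd clients must have; empty list = fine."""
    problems = []
    if setup.get("nat_traversal") != "yes":
        problems.append("config setup: nat_traversal=yes missing (client is behind NAT)")
    if conn.get("type", "tunnel") != "transport":
        problems.append("type=transport expected for L2TP/IPsec (tunnel is the default)")
    if not conn.get("leftprotoport", "").startswith("17/1701"):
        problems.append("leftprotoport=17/1701 expected (L2TP runs on UDP 1701)")
    if conn.get("auto") not in ("add", "start"):
        problems.append("auto=add missing: pluto never loads this conn")
    return problems


def diagnose(conf_text: str, log_line: str) -> Dict[str, object]:
    """Tie the log line to the config: which conns match the peer, and what they lack."""
    setup, conns = parse_ipsec_conf(conf_text)
    peer = peer_from_log(log_line)
    matching = conns_for_peer(conns, peer) if peer else []
    return {"peer": peer, "matching": matching,
            "problems": {n: l2tp_problems(setup, conns[n]) for n in matching}}


if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, LOG_LINE))
```

An empty "matching" list is the situation in the thread: no conn has a right= that admits the address pluto saw, so the SA request is refused before the L2TP settings even matter. A non-empty "problems" list for a matching conn points at the next thing to fix.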