[Openswan Users] Problems with OpenSwan - Win2K both behind NAT
Sauro Saltini
saltini at shc.it
Thu Jul 1 21:28:12 CEST 2004
I've successfully installed and configured an OpenSwan box (behind NAT)
following Nate Carlson's Howto, and the whole thing works perfectly
with Win 2K / XP clients having a Public IP (no NAT).
Trying to connect from the same clients placed behind a NAT gateway,
the first part of the connection seems ok (ISAKMP SA established), but
after this I receive the message:
cannot respond to IPsec SA request because no connection is known for
192.168.1.0/24===192.168.2.2:4500[<Certificate for
OpenSwan>]...xxx.xxx.xxx.xxx:4500[<Certificate for Win2k
Client>]===192.168.99.146/32
where xxx.xxx.xxx.xxx is the public address of NAT box at client side
and 192.168.99.146/32 is the client LAN IP.
In my ipsec.conf I have configured two connections:

conn roadwarrior-net
        leftsubnet=192.168.1.0/24
        also=roadwarrior

conn roadwarrior
        left=192.168.2.2
        leftnexthop=192.168.2.1
        leftcert=xxxxx.pem
        right=%any
        pfs=yes
        auto=add
When I connect with a client with a real IP assigned, the connection
roadwarrior-net is started and the IPsec SA is established correctly.
Can anyone explain to me how exactly OpenSwan chooses the right
connection to start?
Many thanks in advance.
Sauro Saltini.
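The following ipsec.conf fragment is an added example and is not part of the original post or of Nate Carlson's Howto. It shows the Openswan 2.x way of letting a road-warrior conn match a client behind NAT: in the "cannot respond to IPsec SA request" message above, the Quick Mode proposal carries the client's private LAN address as its subnet (192.168.99.146/32), while a conn with only right=%any implies rightsubnet equal to the peer's (public) address, so no conn matches. The directives rightsubnet=vhost:%priv,%no and virtual_private are real Openswan keywords; the certificate name and the 192.168.1.0/24 LAN are taken from the post, the private ranges in virtual_private and the nat_traversal line are assumptions about the setup (NAT-T is evidently already enabled, since the peers are on port 4500).

```ini
# Added example (not from the original post): Openswan 2.x responder that
# accepts road warriors both with a public IP and behind a NAT gateway.
# Assumptions: virtual_private ranges, and that "config setup" already
# carries nat_traversal=yes (the log shows UDP/4500 in use).
config setup
        interfaces=%defaultroute
        nat_traversal=yes
        # Private ranges a NATed client may present as its inner address.
        # Exclude our own LAN so a remote peer can never claim it.
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

conn roadwarrior-net
        leftsubnet=192.168.1.0/24
        also=roadwarrior

conn roadwarrior
        left=192.168.2.2
        leftnexthop=192.168.2.1
        leftcert=xxxxx.pem
        right=%any
        # Accept either a single virtual private address taken from
        # virtual_private (%priv, the NATed client case) or no virtual
        # host at all (%no, the client's real public address).
        rightsubnet=vhost:%priv,%no
        pfs=yes
        auto=add
```

With this, Openswan selects the conn whose left/right addresses, IDs and subnets match the Quick Mode proposal: a client with a public IP matches via %no, a NATed client whose inner address lies in virtual_private matches via %priv. After editing, reload with `ipsec auto --replace roadwarrior-net` (or restart the service) and check `ipsec auto --status` for the instantiated conn; if the client's LAN overlaps the server's own 192.168.1.0/24, the %v4:! exclusion will reject it, which is the intended least-privilege behaviour rather than a misconfiguration.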