[Openswan Users] Ipsec error : no connection is known
Frédéric Gonzatti
fred99 at libertysurf.fr
Wed Jun 2 00:43:37 CEST 2004
Nate Carlson wrote:
>On Sat, 29 May 2004, Frédéric Gonzatti wrote:
>
>
>>Here is my ipsec.conf file of my linux gateway :
>>
>>
>
>Looks like you don't have NAT-T enabled - try turning that on. (See below)
>
>
>
>>config setup
>> # Debug-logging controls: "none" for (almost) none, "all" for lots.
>> interfaces=%defaultroute
>> uniqueids=yes
>> plutodebug=no
>>
>>
>
>Add:
>
> nat_traversal=yes
>
>
>
>>conn roadwarrior
>> right=%any
>> left=%defaultroute
>> leftcert=gandalf.XXX.com.pem
>> auto=add
>> pfs=yes
>>
>>
>
>For testing purposes, add:
>
> rightsubnet=vhost:%no,%all
>
>In the long term (if this works), you'll want to set the virtual_private
>setting, and use that to define what networks roadwarriors can have their
>internal IP in; see the NAT-T docs.
>
>------------------------------------------------------------------------
>| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
>| depriving some poor village of its idiot since 1981 |
>------------------------------------------------------------------------
>
>
>
Hi,
I've added the NAT-T patch to my kernel. I can see that NAT-T is included in
my kernel (the ipsec barf command shows me the NAT-T too).
Unfortunately it doesn't work. The ping of my LAN (172.16.0.0/16)
doesn't respond ;-(
I've added the two lines: nat_traversal=yes in my config setup and
rightsubnet=vhost:%no,%all in my roadwarrior.
Could you please show me an example of the ipsec.conf files (for my
IPsec gateway and a Windows XP client)?
My configuration is the following:
Router Public IP (62.161.75.XXX)
|
Private IP 192.168.3.254
|
IPSEC gateway (x509 and nat-t patched) 193.168.3.1 (ipsec0)
|
IPSEC gateway (LAN) 172.16.2.1
|
LAN (172.16.0.0/16)
Port 500 and protocol 50 have been sent to my ipsec0 interface from
my router.
Thanks a lot for your help.
Fred
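
The settings discussed in this thread, checked mechanically. This is an added example, not part of either post and not Openswan code: a small ipsec.conf linter run over the gateway config as quoted above and over the same file with the two suggested lines added. The finding texts and the `%priv` check (the vhost value that refers to `virtual_private`) are assumptions of this example and do not appear in the thread.

```python
# Added example: lint an ipsec.conf for the NAT-T settings named in the thread.
POSTED = """\
config setup
    interfaces=%defaultroute
    uniqueids=yes
    plutodebug=no

conn roadwarrior
    right=%any
    left=%defaultroute
    leftcert=gandalf.XXX.com.pem
    auto=add
    pfs=yes
"""  # the gateway config as quoted in the thread (comment line dropped)

# Same file plus the two lines from the reply (constructed).
WITH_ADVICE = (POSTED.replace("plutodebug=no\n", "plutodebug=no\n    nat_traversal=yes\n")
               .replace("pfs=yes\n", "pfs=yes\n    rightsubnet=vhost:%no,%all\n"))


def parse_ipsec_conf(text):
    """Map (section type, name) -> {parameter: value}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # a line starting in column 0 opens a section
            kind, _, name = line.partition(" ")
            current = sections.setdefault((kind, name.strip()), {})
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return sections


def natt_findings(text):
    """List what the reply's advice would flag; only right=%any conns are checked."""
    conf = parse_ipsec_conf(text)
    setup = conf.get(("config", "setup"), {})
    findings = []
    if setup.get("nat_traversal") != "yes":
        findings.append("config setup: nat_traversal=yes not set")
    for (kind, name), params in conf.items():
        if kind != "conn" or params.get("right") != "%any":
            continue
        subnet = params.get("rightsubnet", "")
        if not subnet.startswith("vhost:"):
            findings.append(f"conn {name}: rightsubnet=vhost:... not set")
        elif "%all" in subnet:
            findings.append(f"conn {name}: vhost %all accepts any client address (testing only)")
        elif "%priv" in subnet and "virtual_private" not in setup:
            findings.append(f"conn {name}: vhost %priv needs virtual_private in config setup")
    return findings
```

`natt_findings(POSTED)` reports both missing settings; `natt_findings(WITH_ADVICE)` reports only the testing-only `%all` value.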