[Openswan Users] Re: NAT Traversal support with openswan

Paul Wouters paul at xelerance.com
Tue Jun 22 16:39:35 CEST 2004


On Mon, 21 Jun 2004, Nate Carlson wrote:

> >         type=tunnel
> >         left=9.5.56.169
> >         leftnexthop=%defaultroute
> >         #leftsubnet=9.5.56.160/32
> >         right=9.10.109.122
> >         rightnexthop=%defaultroute
> >         #rightsubnet=9.10.109.122/32
> >         rekey=yes
> >         auth=esp
> > 
> > I reload the connection and got this message. Looks fine, except I don't
> > quite understand the line "
> > 9.10.109.122---9.10.109.1...9.10.109.1---9.5.56.169"

Do not use *nexthop=%defaultroute. Either leave out the nexthop setting, and
let openswan figure out the defaultroute, or specify an IP address.
In this case it seems that Openswan 'computes' the defaultroute even for 
the remote end. It should not do that. Any nexthop setting for the remote side
should be fully ignored. Michael, is this a bug? 

Probably removing the nexthop of the remote end will fix your problem.

Paul
-- 

<Reverend> IRC is just multiplayer notepad.




More information about the Users mailing list