[Openswan Users] Re: NAT Traversal support with openswan
Nate Carlson
natecars at natecarlson.com
Tue Jun 22 12:31:51 CEST 2004
On Tue, 22 Jun 2004, Xiaoming Yu wrote:
> I removed the nexthop for left (client side). I tried with both the
> private IP address and the IP address of the NAT box. Both gave me the
> error "no connection authorized". I am very confused by this. From the
> Linux point of view, it received a packet from the NAT box (9.5.56.169), and
> somehow he analyzed the packets and knew it was actually from
> 9.5.56.160. So it doesn't like either way? Is it a reasonable
> explanation?
Ah, you'll also need to specify Xsubnet=vhost:%no,%priv (double-check the
syntax), and define %priv to include any networks that the boxes would be
on. Alternatively, do vhost:%no,%all for testing. This will allow the
internal IP of the box (it's encoded in the ipsec headers) to connect.
> Then this only leaves me one option, which is using %any for left. Then
> I got back the error I have described in detail before. It cannot find
> the matching preshared key in ipsec.secrets. It still remembers %any I
> specified before.
>
> I really don't think this is not that uncommon and somebody in this
> community should have tried that. Success or not, that is the thing I am
> trying to find out.
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
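
The vhost setting suggested in the reply above, written out as an ipsec.conf fragment. This is an added example, not part of the original message: the connection name, the gateway address 192.0.2.1 and the 192.168.50.0/24 network are placeholders, and left is taken to be the client side as in the thread.

```conf
# /etc/ipsec.conf (Openswan 2.x) -- constructed example, not the poster's file
version 2.0

config setup
    nat_traversal=yes
    # %priv in a vhost: clause expands to this list. Exclude (with !) any
    # range that is also in use behind the gateway itself.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.50.0/24

conn natted-client
    authby=secret
    left=%any                       # client side, arrives via a NAT box
    # Accept the client when it is not NATed (%no) or when its inside
    # address falls within virtual_private (%priv).
    leftsubnet=vhost:%no,%priv
    # Testing only: %all accepts whatever inside address the peer claims.
    #leftsubnet=vhost:%no,%all
    right=192.0.2.1                 # placeholder gateway address
    rightsubnet=192.168.50.0/24     # placeholder network behind the gateway
    auto=add
```

The client address quoted in the thread, 9.5.56.160, lies outside the RFC 1918 ranges listed here, so a range covering it would have to be added to virtual_private before %priv would match it. Keep that list as narrow as the real client networks allow, since it bounds which inside addresses a peer may claim.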