[Openswan Users] freeswan-1.99: cannot respond to IPsec SA
Dennis Leist
dl at byteeffect.de
Tue Mar 30 00:15:03 CEST 2004
Wolfman wrote:
> Hi,
> I got a very similar problem, if not the same:
> I have the NAT-T patch installed and working (finally), but it didn't
> help. Some tip: Compile kernel without patches, apply patch for x.509,
> compile it again, apply NAT-T patch, compile it again. It really takes
> time, but whenever I tried it another way, it failed. So these are
> nearly 5 compiler runs.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ God, damn it! That is exactly the
procedure I tried to avoid for the system is a productive one. :-((
>
> Ok, back to the problem, as I said, my NAT-T is working:
> Mar 29 21:17:29 Linuxserver pluto[2218]: Starting Pluto (Openswan
> Version 2.1.0 X.509-1.4.8 PLUTO_USES_KEYRR)
> Mar 29 21:17:29 Linuxserver pluto[2218]: including NAT-Traversal
> patch (Version 0.6c)
Which version are you currently using?
>
> I found something in the Google groups that told me to write down the
> remote IP into my ipsec.conf. I did so, nothing changed.
> I pasted my ipsec.conf and my auth.log. If someone knows how to help,
> that would be great.
>
> ipsec.conf:
> config setup
>     nat_traversal=yes
>
> # Add connections here.
>
> conn %default
>     keyingtries=0
>     disablearrivalcheck=no
>     authby=rsasig
>     rightrsasigkey=%cert
>     auto=add
>     left=%defaultroute
>     leftrsasigkey=%cert
>     leftcert=VPN-Gateway-Cert.pem
>     leftid="<Certificate ID>"
Why that? I encountered a problem when leftid is given.
I don't remember the error message, but it said: when leftid is given,
rightid must be given as well.
>     leftupdown=/usr/lib/ipsec/_updown_x509
>
> conn p2n
>     right=%any
>     leftsubnet=192.168.107.0/24
>     rightsubnet=192.168.107.123/32
Shot in the dark: you may use:
leftprotoport=17/0
rightprotoport=17/01
Good luck