[Openswan Users] no connection is known for...
Mark Frost
mfrost at westnet.com
Mon May 24 18:42:15 CEST 2004
The OpenSwan gateway is really a router in that it sits on the internal
and external networks. There's another box, a Nexlan box, that does NAT
for the users on the internal network (172.16.*.*). The OpenSwan
gateway does not translate packets for users nor are any packets from
users on the internal network routed there. (I made a crude picture of
this in an earlier post).
Yes, the rightsubnet=192.168.1.0/24 line was uncommented and once again,
I got the line saying "no connection is known for..." despite the fact
that the certificate DNs and allowable IPs seem to match the output of
ipsec auto --status.
Mark
Jacco de Leeuw wrote:
> Mark Frost wrote:
>
>> And in my case, I've got NAT on both sides with the OS gateway acting
>> as a gateway (but not the NAT server) on the non-roadwarrior side.
>
>
> Is there really NAT on the Openswan server? Well, there is, you probably
> do NAT for clients on the internal network accessing the Internet, but
> IPsec packets coming in from roadwarriors are not NAT-ed on the Openswan
> server, are they? So the IP address on your internal interface eth1 is
> something like 172.16.0.48 ?
>
>> IPsec passthrough was enabled. I just turned it off and tried
>> again. It doesn't seem to have any effect.
>
>
> Damn, I was hoping that this was it. The rightsubnet line was
> uncommented,
> right?
>
> Jacco