[Openswan Users] no connection is known for...

Mark Frost mfrost at westnet.com
Mon May 24 18:42:15 CEST 2004


The OpenSwan gateway is really a router in that it sits on the internal 
and external networks.  There's another box, a Nexlan box, that does NAT 
for the users on the internal network (172.16.*.*).  The OpenSwan 
gateway does not translate packets for users nor are any packets from 
users on the internal network routed there.  (I made a crude picture of 
this in an earlier post).

Yes, the rightsubnet=192.168.1.0/24 line was uncommented and once again, 
I got the line saying "no connection is known for..." despite the fact 
that the certificate DNs and allowable IPs seem to match the output of 
ipsec auto --status.

Mark

Jacco de Leeuw wrote:

> Mark Frost wrote:
>
>> And in my case, I've got NAT on both sides with the OS gateway acting 
>> as a gateway (but not the NAT server) on the non-roadwarrior side.
>
>
> Is there really NAT on the Openswan server? Well, there is, you probably
> do NAT for clients on the internal network accessing the Internet, but
> IPsec packets coming in from roadwarriors are not NAT-ed on the Openswan
> server, are they? So the IP address on your internal interface eth1 is
> something like 172.16.0.48 ?
>
>> IPsec passthrough was enabled.  I just turned it off and tried 
>> again.  It doesn't seem to have any effect.
>
>
> Damn, I was hoping that this was it. The rightsubnet line was uncommented,
> right?
>
> Jacco


