[Openswan Users] no connection is known for...
Mark Frost
mfrost at westnet.com
Tue May 25 22:44:58 CEST 2004
So is there anything else I might be able to try at this point?
Thanks
Mark
Mark Frost wrote:
> The OpenSwan gateway is really a router in that it sits on the
> internal and external networks. There's another box, a Nexlan box,
> that does NAT for the users on the internal network (172.16.*.*). The
> OpenSwan gateway does not translate packets for users nor are any
> packets from users on the internal network routed there. (I made a
> crude picture of this in an earlier post).
>
> Yes, the rightsubnet=192.168.1.0/24 line was uncommented and once
> again, I got the line saying "no connection is known for..." despite
> the fact that the certificate DNs and allowable IPs seem to match the
> output of ipsec auto --status.
>
> Mark
>
> Jacco de Leeuw wrote:
>
>> Mark Frost wrote:
>>
>>> And in my case, I've got NAT on both sides with the OS gateway
>>> acting as a gateway (but not the NAT server) on the non-roadwarrior
>>> side.
>>
>> Is there really NAT on the Openswan server? Well, there is, you probably
>> do NAT for clients on the internal network accessing the Internet, but
>> IPsec packets coming in from roadwarriors are not NAT-ed on the Openswan
>> server, are they? So the IP address on your internal interface eth1 is
>> something like 172.16.0.48 ?
>>
>>> IPsec passthrough was enabled. I just turned it off and tried
>>> again. It doesn't seem to have any effect.
>>
>> Damn, I was hoping that this was it. The rightsubnet line was
>> uncommented,
>> right?
>>
>> Jacco