[Openswan Users] Ipsec error : no connection is known

Nate Carlson natecars at natecarlson.com
Sun May 30 19:02:45 CEST 2004


On Sat, 29 May 2004, Frédéric Gonzatti wrote:
> Here is my ipsec.conf file of my linux gateway :

Looks like you don't have NAT-T enabled - try turning that on. (See below)

> config setup
>     # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>     interfaces=%defaultroute
>     uniqueids=yes
>     plutodebug=no

Add:

	nat_traversal=yes

> conn roadwarrior
>     right=%any
>     left=%defaultroute
>     leftcert=gandalf.XXX.com.pem
>     auto=add
>     pfs=yes

For testing purposes, add:

	rightsubnet=vhost:%no,%all

In the long term (if this works), you'll want to set the virtual_private
setting, and use that to define what networks roadwarriors can have their
internal IP in; see the NAT-T docs.

------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
|       depriving some poor village of its idiot since 1981            |
------------------------------------------------------------------------
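
The following ipsec.conf fragment is an added example, not part of the original message. It combines the suggestions above with the long-term `virtual_private` form, so the permissive testing value sits beside the restricted one. The RFC 1918 ranges and the excluded 192.168.1.0/24 network are assumptions; substitute the gateway's real internal LAN.

```conf
# Added example (not from the original thread): gateway ipsec.conf fragment.
config setup
    interfaces=%defaultroute
    uniqueids=yes
    nat_traversal=yes
    # Assumption: roadwarriors behind NAT use RFC 1918 addresses.
    # 192.168.1.0/24 is a placeholder for the gateway's own LAN; the "!"
    # excludes it so a client cannot claim an address the gateway routes locally.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

conn roadwarrior
    right=%any
    left=%defaultroute
    leftcert=gandalf.XXX.com.pem
    auto=add
    pfs=yes
    # Testing only: %all accepts any internal address the client proposes.
    # rightsubnet=vhost:%no,%all
    # Long term: %no allows clients that are not behind NAT, %priv allows
    # only internal addresses inside the virtual_private networks above.
    rightsubnet=vhost:%no,%priv
```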

