[Openswan Users] Ipsec error : no connection is known
Nate Carlson
natecars at natecarlson.com
Sun May 30 19:02:45 CEST 2004
On Sat, 29 May 2004, Frédéric Gonzatti wrote:
> Here is my ipsec.conf file of my linux gateway :
Looks like you don't have NAT-T enabled - try turning that on. (See below)
> config setup
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> interfaces=%defaultroute
> uniqueids=yes
> plutodebug=no
Add:
nat_traversal=yes
> conn roadwarrior
> right=%any
> left=%defaultroute
> leftcert=gandalf.XXX.com.pem
> auto=add
> pfs=yes
For testing purposes, add:
rightsubnet=vhost:%no,%all
In the long term (if this works), you'll want to set the virtual_private
setting, and use that to define what networks roadwarriors can have their
internal IP in; see that NAT-T docs.
------------------------------------------------------------------------
| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
| depriving some poor village of its idiot since 1981 |
------------------------------------------------------------------------
More information about the Users
mailing list