[Openswan Users] Ipsec error : no connection is known
Frédéric Gonzatti
fred99 at libertysurf.fr
Mon May 31 13:00:10 CEST 2004
Nate Carlson wrote:
>On Sat, 29 May 2004, Frédéric Gonzatti wrote:
>
>
>>Here is my ipsec.conf file of my linux gateway :
>>
>>
>
>Looks like you don't have NAT-T enabled - try turning that on. (See below)
>
>
>
>>config setup
>> # Debug-logging controls: "none" for (almost) none, "all" for lots.
>> interfaces=%defaultroute
>> uniqueids=yes
>> plutodebug=no
>>
>>
>
>Add:
>
> nat_traversal=yes
>
>
>
>>conn roadwarrior
>> right=%any
>> left=%defaultroute
>> leftcert=gandalf.XXX.com.pem
>> auto=add
>> pfs=yes
>>
>>
>
>For testing purposes, add:
>
> rightsubnet=vhost:%no,%all
>
>In the long term (if this works), you'll want to set the virtual_private
>setting, and use that to define what networks roadwarriors can have their
>internal IP in; see the NAT-T docs.
>
>------------------------------------------------------------------------
>| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
>| depriving some poor village of its idiot since 1981 |
>------------------------------------------------------------------------
>
>
>
I will try (I think I have to recompile my kernel to include the NAT-T patch).
I will get back to you after doing that.
Thank you
Frederic
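
The settings suggested in the quoted reply, put together as an added example (not part of either poster's message): the testing value of rightsubnet is left in as a comment next to the long-term form that limits roadwarrior addresses through virtual_private. The RFC 1918 ranges and the excluded 192.168.1.0/24 gateway LAN are assumptions, and only the two sections shown in the thread are reproduced.

```conf
# /etc/ipsec.conf on the Linux gateway (sections from the thread only)

config setup
	interfaces=%defaultroute
	uniqueids=yes
	# "none" for (almost) no debug logging, "all" for lots
	plutodebug=none
	# Enable NAT traversal so clients behind a NAT device can connect
	nat_traversal=yes
	# Networks a roadwarrior's internal (pre-NAT) address may fall in.
	# Assumed values: the RFC 1918 private ranges, minus the gateway's
	# own LAN (placeholder 192.168.1.0/24) so a client cannot claim an
	# address that belongs to the protected network.
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

conn roadwarrior
	right=%any
	left=%defaultroute
	leftcert=gandalf.XXX.com.pem
	auto=add
	pfs=yes
	# Testing only: accepts a client with no NAT (%no) or with ANY
	# internal address behind NAT (%all)
	#rightsubnet=vhost:%no,%all
	# Long term: accepts a client with no NAT (%no) or with an internal
	# address inside the virtual_private list above (%priv)
	rightsubnet=vhost:%no,%priv
```

Leaving %all in place after testing means the gateway accepts whatever internal address a NATed peer presents, so the switch to %priv is the step that enforces the virtual_private list.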