[Openswan Users] Ipsec error : no connection is known

Frédéric Gonzatti fred99 at libertysurf.fr
Mon May 31 13:00:10 CEST 2004


Nate Carlson wrote:

>On Sat, 29 May 2004, Frédéric Gonzatti wrote:
>  
>
>>Here is my ipsec.conf file of my linux gateway :
>>    
>>
>
>Looks like you don't have NAT-T enabled - try turning that on. (See below)
>
>  
>
>>config setup
>>    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>>    interfaces=%defaultroute
>>    uniqueids=yes
>>    plutodebug=no
>>    
>>
>
>Add:
>
>	nat_traversal=yes
>
>  
>
>>conn roadwarrior
>>    right=%any
>>    left=%defaultroute
>>    leftcert=gandalf.XXX.com.pem
>>    auto=add
>>    pfs=yes
>>    
>>
>
>For testing purposes, add:
>
>	rightsubnet=vhost:%no,%all
>
>In the long term (if this works), you'll want to set the virtual_private
>setting, and use that to define what networks roadwarriors can have their
>internal IP in; see the NAT-T docs.
>
>------------------------------------------------------------------------
>| nate carlson | natecars at natecarlson.com | http://www.natecarlson.com |
>|       depriving some poor village of its idiot since 1981            |
>------------------------------------------------------------------------
>
>  
>
I will try (I think I have to recompile my kernel to include the nat-t patch).
I will get back to you after doing that.

Thank you

Frederic



