[Openswan Users] Rhel 3 with natt patch?
Nicole Hähnel
nicole.haehnel at epost.de
Mon Sep 13 17:09:57 CEST 2004
Hi,
Now I have a connection:
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: initiating Main Mode
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: received Vendor ID
payload [draft-ietf-ipsec-nat-t-ike-03]
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: enabling possible
NAT-traversal with method RFC XXXX (NAT-Traversal)
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: transition from state
STATE_MAIN_I1 to state STATE_MAIN_I2
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: NAT-Traversal: Result
using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: transition from state
STATE_MAIN_I2 to state STATE_MAIN_I3
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: Peer ID is
ID_DER_ASN1_DN: 'C=DEXXX
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: issuer crl not found
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: issuer crl not found
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: transition from state
STATE_MAIN_I3 to state STATE_MAIN_I4
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #1: ISAKMP SA established
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #2: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+UP {using isakmp#1}
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #2: up-client output:
RTNETLINK answers: File exists
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #2: transition from state
STATE_QUICK_I1 to state STATE_QUICK_I2
Sep 13 16:01:13 VPN pluto[1351]: "lan1-lan2" #2: sent QI2, IPsec SA
established {ESP=>0xa3b89be5 <0x58332b28}
But I can't ping or do anything else.
There are no errors.
Thanks!
Nicole
Paul Wouters wrote:
> On Mon, 13 Sep 2004, Nicole Hähnel wrote:
>
>> Ok, I'll test it.
>>
>> And what's with the ipsec.conf?
>
>
>> config setup
>>     interfaces=%defaultroute
>>     klipsdebug=none
>>     plutodebug=none
>>     nat_traversal=yes
>
>
> You also want to add the appropriate virtual_private line there.
> For example, if 192.168.0.0/24 is the office, you will want
> something like:
>
> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,!%v4:192.168.0.0/24
>
>> I only have to add "nat_traversal=yes" on the server behind the router?
>> Or on the other side too?
>
>
> Both sides need to have it enabled.
>
> Paul