[Openswan Users] Rhel 3 with natt patch?
Nicole Hähnel
nicole.haehnel at epost.de
Tue Sep 14 15:37:44 CEST 2004
I disabled all nat rules.
Now I get this line and no errors:
Checking NAT and MASQUERADEing [N/A]
But ipsec with nat-t is still not working.
I see no errors in /var/log/secure.
Connection is established.
Maybe it's a config problem?
Config on the primary vpn gateway:
config setup
    interfaces="ipsec0=eth1"
    klipsdebug=none
    plutodebug=none
    uniqueids=no
    nat_traversal=yes

conn %default
    authby=rsasig
    left="public ip"
    leftnexthop=xx.xx.xx.xx
    leftsendcert=always
    compress=yes

conn lan1-lan2
    leftrsasigkey=%cert
    leftcert=vpn_cert1.pem
    leftid="/C=XX...."
    leftsubnet=172.10.0.0/16
    right=%any
    rightid="/C=XX..."
    rightsubnet=172.10.10.0/24
    rightrsasigkey=%cert
    #
    auto=add
Config on the vpn server behind the router:
config setup
    interfaces="ipsec0=eth0"
    klipsdebug=none
    plutodebug=none
    nat_traversal=yes

conn %default
    authby=rsasig
    left="public ip"
    leftnexthop=xx.xx.xx.xx
    leftrsasigkey=%cert
    leftid="/C=XX..."
    #
    right=192.168.254.2
    rightid="/C=XX..."
    rightcert=vpn_cert2.pem

conn lan1-lan2
    rightrsasigkey=%cert
    rightnexthop=%direct
    leftsubnet=172.10.0.0/16
    rightsubnet=172.10.10.0/24
    rightupdown=/etc/ipsec.d/updown
    auto=start
Is virtual_private needed or necessary?
Thanks!
Nicole
Paul Wouters wrote:
> On Tue, 14 Sep 2004, Nicole Hähnel wrote:
>
>> I have some admin pcs which need to be masqueraded.
>> So I added a new rule and disabled nat for ipsec destinations. (I'm
>> using fwbuilder)
>
>
> Try to disable all NAT for now and see if that makes ipsec work, so you are
> sure this is the real problem.
> I can't help you with "fwbuilder".
>
>> But the "errors" in ipsec verify are still there.
>
>
> I can't see the errors so I can't comment on them at all.
>
> Paul