[Openswan Users]

Paul Wouters paul at xelerance.com
Tue Apr 5 12:17:32 CEST 2005

On Tue, 5 Apr 2005, fran wrote:

You need to enable nat_traversal=yes on both ends and 
virtual_private=%v4: on the end with the network


> In my net, my VPN (server SERVER_A) is in the internal network, so the interface ipsec0 is (private ip),
> in my ipsec.conf my Gateway is (left=, but when this IP arrives at my Firewall,
> is NATed (static NAT) to a public IP to go out to the internet ( for example to a
> the other part of the VPN ( SERVER_B) must have in its ipsec.conf : right= because it sees the packets arrive
> from the public IP (, but during IKE negotiation a mistake occurs because the Gateway that the SERVER_A
> communicates is and not
> Mar 15 09:48:38 fwint Pluto[7678]: "monteftp" #2: max number of retransmissions (2) reached STATE_MAIN_R2
> Mar 15 09:48:39 fwint Pluto[7678]: "monteftp" #4: responding to Main Mode
> Mar 15 09:48:41 fwint Pluto[7678]: "monteftp" #4: no suitable connection for peer ''
> This is the problem: SERVER_B in its ipsec.conf must have right= because it is the IP that it sees arriving and sends
> the packets, but in the IKE negotiation SERVER_A says to SERVER_B that SERVER_A is and not,
> and causes the error: no suitable connection for peer ''
> SERVER_A--------------FIREWALL  ----------internet--------------  SERVER_B
> to:)
> I need a solution.
> thanks.


As time passes hardware approaches the effectiveness of a rock and
the reliability of a crack addict.
                                      --- Naubert's law
