[Openswan Users] {Escaneado contra Virus y Spam}

fran ursala at samtek.es
Tue Apr 5 13:25:03 CEST 2005


Only two questions:

1.    Does Freeswan 2.06 support nat_traversal?
2.    In the ipsec.conf file, can the parameters nat_traversal=yes and
virtual_private=%v4:172.17.0.0/16 be in the conn section, or can they
only be in the config setup section?


Thank you for everything.


----- Original Message ----- 
From: "Paul Wouters" <paul at xelerance.com>
To: "fran" <ursala at samtek.es>
Cc: <users at openswan.org>
Sent: Tuesday, April 05, 2005 11:17 AM
Subject: Re: [Openswan Users] {Escaneado contra Virus y Spam}


> On Tue, 5 Apr 2005, fran wrote:
>
> You need to enable nat_traversal=yes on both ends and
> virtual_private=%v4:172.17.0.0/16 on the end with the 172.17.0.0/16
> network
>
> Paul
>
> > In my network, my VPN (server SERVER_A) is in the internal network, so
> > the interface ipsec0 is 172.17.0.51 (private IP).
> > In my ipsec.conf my gateway is 172.17.0.51 (left=172.17.0.51), but when
> > this IP arrives at my firewall, it is NATed (static NAT) to a public IP
> > to go out to the internet (for example to 80.45.12.28).
> > The other side of the VPN (SERVER_B) must have in its ipsec.conf:
> > right=80.45.12.28, because it sees the packets arrive from the public IP
> > (80.45.12.28), but during IKE negotiation an error occurs because the
> > gateway that SERVER_A communicates is 172.17.0.51 and not 80.45.12.28:
> >
> > Mar 15 09:48:38 fwint Pluto[7678]: "monteftp" #2: max number of retransmissions (2) reached STATE_MAIN_R2
> > Mar 15 09:48:39 fwint Pluto[7678]: "monteftp" #4: responding to Main Mode
> > Mar 15 09:48:41 fwint Pluto[7678]: "monteftp" #4: no suitable connection for peer '172.17.0.51'
> >
> > This is the problem: SERVER_B must have right=80.45.12.28 in its
> > ipsec.conf because that is the IP that it sees packets arrive from and
> > sends packets to, but in the IKE negotiation SERVER_A tells SERVER_B that
> > SERVER_A is 172.17.0.51 and not 80.45.12.28,
> > which causes the error: no suitable connection for peer '172.17.0.51'
> >
> >
> > SERVER_A--------------FIREWALL  ----------internet-------------- SERVER_B
> > 172.17.0.51(nated to:)80.45.12.28
> >
> > I need a solution.
> >
> > Thanks.
>
> -- 
>
> As time passes hardware approaches the effectiveness of a rock and
> the reliability of a crack addict.
>                                       --- Naubert's law
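
Added example, not part of the original messages: in Openswan's ipsec.conf, nat_traversal and virtual_private are config setup options, so this Python script parses a file and flags them when they appear inside a conn section. The function names and the sample file contents are constructed for illustration.

```python
import re

# Options from this thread that belong in "config setup", not in a conn.
SETUP_ONLY = {"nat_traversal", "virtual_private"}

def parse_ipsec_conf(text):
    """Parse ipsec.conf text into {(type, name): {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        if not line.strip():
            continue                                     # skip blank lines
        if not line[0].isspace():                        # unindented: header
            parts = line.split()
            current = None                               # e.g. "version 2.0"
            if len(parts) == 2 and parts[0] in ("config", "conn"):
                current = sections.setdefault((parts[0], parts[1]), {})
        elif current is not None and "=" in line:        # indented key=value
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint_nat_t(text):
    """Return findings about where the NAT-T options are placed."""
    sections = parse_ipsec_conf(text)
    findings = []
    for (kind, name), params in sections.items():
        misplaced = SETUP_ONLY.intersection(params) if kind == "conn" else ()
        for key in sorted(misplaced):
            findings.append(f"conn {name}: {key} belongs in config setup")
    setup = sections.get(("config", "setup"), {})
    if setup.get("nat_traversal") != "yes":
        findings.append("config setup: nat_traversal=yes is not set")
    return findings

# Constructed sample: SERVER_A's file with both options put in the conn.
MISPLACED = """\
config setup
    interfaces=%defaultroute

conn monteftp
    left=172.17.0.51        # SERVER_A, private address behind the firewall
    nat_traversal=yes
    virtual_private=%v4:172.17.0.0/16
"""

if __name__ == "__main__":
    print("\n".join(lint_nat_t(MISPLACED)))
```

Moving both lines up into config setup clears all three findings.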


