[Openswan Users] Good old Nat

Paul Wouters paul at xelerance.com
Mon Aug 15 17:17:38 CEST 2005


On Mon, 15 Aug 2005, Fred Strauss wrote:

> I have an RHEL 4 box running openswan and acting as a vpn server for a
> roadwarrior, also running openswan.
> I'm using X.509 certificates, and everything works fine when the
> roadwarrior dials up directly and then connects the VPN.
>
> However, when I try to get the exact same setup working with the
> roadwarrior behind a router I get an error like this (sensitive bits
> x'ed out):
> Aug 15 16:02:29 xxx pluto[xxxx]: "obs-roadwarrior"[2]
> xxx.xxx.xxx.xxx:4500 #1: cannot respond to IPsec SA request because no
> connection is known for 192.168.2.0/24===xxx.xxx.xxx.xxx:4500[C=ZA,
> ST=Gauteng, L=Johannesburg, O=xxx, CN=xxx,
> E=xxx at xxx.xx.xx]...xxx.xxx.xxx.xxx:4500[C=ZA, ST=Gauteng,
> L=Johannesburg, O=xxx, CN=xxx, E=xxx at xxx.xx.xx]===192.168.0.14/32
>
> I make the necessary config changes, nat_traversal is enabled on both
> sides. Both sides are running openswan 2.3.0 and both sides have
> kernel 2.6.x

Does openswan say it activated NAT-Traversal at startup? If so, what are
your virtual_private= settings and your conn setting?

Paul

