[Openswan Users] vpn through NAT between super freeswan and winxp Fail

=?gb2312?B?bWljazJqYWNr?= mick2jack at 163.com
Sat Dec 3 21:57:36 CET 2005 

I'm making vpn (through NAT) between linux with super-freeswan-1.99.8 and windows xp(sp2) with ipsec.exe 
linux with super-freeswan     linux gateway (nat)                windows client
     eth0: 192.168.0.169 ------>>eth0: 192.168.0.171               
     eth1: 192.168.1.1           eth1: 192.168.3.1      <<------ IP:   192.168.3.171 
 
at the linux gateway 
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.0.171
and
-A INPUT -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m udp --sport 4500 --dport 4500 -j ACCEPT
-A OUTPUT -p udp -m udp --sport 500 --dport 500 -j ACCEPT
-A OUTPUT -p esp -j ACCEPT
-A OUTPUT -p udp -m udp --sport 4500 --dport 4500 -j ACCEPT

 
the freeswan ipsec.conf:
 
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes
        nat_traversal=yes
conn roadwarrior
        right=%any
conn roadwarrior-net
        leftsubnet=192.168.1.0/255.255.255.0
        right=%any

the windows xp ipsec.conf
 
conn roadwarrior
 left=%any
 leftnexthop=192.168.3.1
 right=192.168.0.169
 rightca="C=CN, S=SD, L=JN, O=vpnCA, OU=rootCA, CN=vpnCA, <A href="mailto:E=admin at vpnCA.com">E=admin at vpnCA.com</A>"
 network=auto
 auto=start
 pfs=yes
conn roadwarrior-net
 left=%any
 leftnexthop=192.168.3.1
 right=192.168.0.169
 rightsubnet=192.168.1.0/255.255.255.0
 rightca="C=CN, S=SD, L=JN, O=vpnCA, OU=rootCA, CN=vpnCA, <A href="mailto:E=admin at vpnCA.com">E=admin at vpnCA.com</A>"
 network=auto
 auto=start
 pfs=yes

when I ping to either 192.168.0.169 or 192.168.1.1 from 192.168.3.171 I get "Negotiating IP Security" all the time but can't get the ping reply.I check the rightca there's no problem 
and if there's no nat gateway the VPN works well
I don't know what's the problem is.who can help me?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20051203/a7051c9e/attachment.htm

More information about the Users mailing list