[Openswan Users]

Paul Wouters paul at xelerance.com
Thu Dec 29 03:51:24 CET 2005


On Wed, 28 Dec 2005, Sreeram Rengaraj wrote:

> The topology is simple.
> I have a linux client with Openswan installed on it.
> eth0 1.2.3.5
>
> I have a checkpoint gateway at the other end - IP
> 1.2.3.4
>
> The 2 interfaces are directly connected. I got a
> tunnel established and pings working between the two.
> However, trouble started when I enabled NAT-traversal.
> I don't get replies to my ping (the tunnel seems to
> have been set up) and I don't see UDP encapsulation
> happening?

> config setup
>     interfaces= "ipsec0=eth0"
>     nat_traversal=yes
>
> config roadwarrior
>     rightcert=/etc/certs/xx.der
>     rightid= XXX
>     right=1.2.3.5
>     rightnexthop=1.2.3.4
>     rightsubnet=192.168.1.1/32

I do not think this is what you want. It just happens to match the
no proposal chosen error. You want rightsubnet=vhost:%priv,%no

Paul

