[Openswan Users]

Paul Wouters paul at xelerance.com
Thu Dec 29 17:43:53 CET 2005


On Thu, 29 Dec 2005, Sreeram Rengaraj wrote:

> Can you explain to me why this won't work?

Because you are hardcoding the NAT-T negotiation.

> Also I added rightsubnet=vhost:%no,%priv and now when
> I do an ipsec auto --status, the IKE didn't complete
> and there are no SAs established.

You need to show logs for us to be able to say what is going on.

Paul

>
>
> --- Paul Wouters <paul at xelerance.com> wrote:
>
> > On Wed, 28 Dec 2005, Sreeram Rengaraj wrote:
> >
> > > The topology is simple.
> > > I have a Linux client with Openswan installed on it.
> > > eth0 1.2.3.5
> > >
> > > I have a checkpoint gateway at the other end - IP
> > > 1.2.3.4
> > >
> > > The 2 interfaces are directly connected. I got a
> > > tunnel established and pings working between the two.
> > > However trouble started when I enabled NAT-traversal.
> > > I don't get replies to my ping (the tunnel seems to
> > > have been set up) and I don't see UDP encapsulation
> > > happening?
> >
> > > config setup
> > > interfaces= "ipsec0=eth0"
> > > nat_traversal=yes
> > >
> > > config roadwarrior
> > > rightcert=/etc/certs/xx.der
> > > rightid= XXX
> > > right=1.2.3.5
> > > rightnexthop=1.2.3.4
> > > rightsubnet=192.168.1.1/32
> >
> > I do not think this is what you want. It just happens to match the
> > no proposal chosen error. You want rightsubnet=vhost:%priv,%no
> >
> > Paul
> >

-- 

"Happiness is never grand"

	--- Mustapha Mond, World Controller (Brave New World)

