paul at xelerance.com
Thu Dec 29 17:43:53 CET 2005
On Thu, 29 Dec 2005, Sreeram Rengaraj wrote:
> Can you explain to me why this won't work?
Because you are hardcoding the NAT-T negotiation.
> Also I added rightsubnet=vhost:%no,%priv and now when
> I do an ipsec auto --status, the IKE didn't complete
> and there are no SAs established.
You need to show logs for us to be able to say what is going on.
> --- Paul Wouters <paul at xelerance.com> wrote:
> > On Wed, 28 Dec 2005, Sreeram Rengaraj wrote:
> > > The topology is simple.
> > > I have a linux client with Openswan installed on it.
> > > eth0 220.127.116.11
> > >
> > > I have a checkpoint gateway at the other end - IP 18.104.22.168
> > >
> > > The 2 interfaces are directly connected. I got a
> > > tunnel established and pings working between the two.
> > > However trouble started when I enabled NAT-traversal.
> > > I don't get replies to my ping (the tunnel seems to
> > > have been set up) and I don't see UDP encapsulation
> > > happening?
> > > config setup
> > > interfaces= "ipsec0=eth0"
> > > nat_traversal=yes
> > >
> > > config roadwarrior
> > > rightcert=/etc/certs/xx.der
> > > rightid= XXX
> > > right=22.214.171.124
> > > rightnexthop=126.96.36.199
> > > rightsubnet=192.168.1.1/32
> > I do not think this is what you want. It just happens to match the
> > no proposal chosen error. You want
> > rightsubnet=vhost:%priv,%no
> > Paul
"Happiness is never grand"
--- Mustapha Mond, World Controller (Brave New World)