Paul Wouters paul at xelerance.com
Fri Dec 30 20:38:51 CET 2005

On Fri, 30 Dec 2005, Geert Janssens wrote:

> With this setup, a tunnel is established (I get the message "sent QI2, IPsec
> SA established". However, this configuration is for a network to network
> tunnel, and I can't even test if it really works, because there is no network
> behind IpsecPeer2. There is a network behind IpsecPeer1 and in a second phase
> I would like this network to use the tunnel also, but first I need the two
> peers to be able to communicate).
> As far as I could understand the ipsec documentation, to set up a peer-to-peer
> connection, the leftsubnet and rightsubnet entries should be removed.
> However, if I remove the *subnet entries, the connection no longer gets
> established.

That is because there is a special subnet entry for NAT-Traversal. I assume you
are using port forwarding on one or both sides. So add rightsubnet=vhost:%priv,%no
on both ends (where right is the remote end) and enable nat_traversal=yes in
config setup.
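What the reply above boils down to, written out as an ipsec.conf fragment. This is an added illustration, not a config posted in the thread and not Openswan's own example file; the conn name, the two public addresses (RFC 5737 documentation ranges) and the use of a pre-shared key are placeholders, and the virtual_private line is included because vhost:%priv only has meaning in terms of the ranges listed there.

```ini
# Added example, not from the list message: host-to-host tunnel
# between IpsecPeer1 and IpsecPeer2 with NAT-Traversal enabled.
# Addresses, conn name and authby are placeholders.
config setup
        nat_traversal=yes
        # the ranges a NAT'ed peer may present as its virtual address;
        # vhost:%priv below refers to exactly these
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

conn peer1-peer2
        # written from IpsecPeer1's side: left is this host, right is the
        # remote end. On IpsecPeer2 swap the two addresses so that right
        # is again the remote peer.
        left=203.0.113.10
        right=198.51.100.20
        # no leftsubnet/rightsubnet: this is host-to-host, not net-to-net.
        # vhost:%priv lets the remote propose an RFC1918 address from
        # virtual_private (the port-forwarded / NAT'ed case); %no also
        # accepts the remote's own public address when it is not NAT'ed.
        rightsubnet=vhost:%priv,%no
        authby=secret
        auto=start
```

Once the tunnel is up, the test Geert was missing is simply a ping from one peer's public address to the other's; with no subnets on either side, that host-to-host traffic is what the SA protects.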


