[Openswan Users] Private & Public Internet IPs
Phillip T. George
phillip at eacsi.com
Thu Jul 7 16:43:20 CEST 2005
It seems I keep having more and more fun issues with VPNs :) Okay, the
issue of the day is that I have a location that has a private internet
IP and a public internet IP. All information that is sent to the public
IP is sent to the private IP and all information that is sent to the
private IP is sent to the public IP. The issue is that OpenSwan likes
to match keys via IPs and uses IPs for identification. I receive this
error when I use the public IP information:
... : We cannot identify ourselves with either end of this connection.
When I use the private IP, it cannot maintain the connection of course.
The left side can't properly identify the right side, because the left
side is using the private IP and claims that it's the private IP, so the
right side basically says "I'm not sure if this is the right host...."
and doesn't connect. If I set both sides to the private IP, then of
course the connection can't be made at all. I messed with %defaultroute
on the left side (private IP), to see if that would help a bit, but it
didn't.
I'm thinking the solution should be that the public IPs need to be on
both sides. Now on the left side, it needs some kind of way to
figure out which host it is... how do I do this?
Thanks,
Phillip