[Openswan Users] Private & Public Internet IPs

Phillip T. George phillip at eacsi.com
Thu Jul 7 16:43:20 CEST 2005

It seems I keep having more and more fun issues with VPNs :)  Okay, the 
issue of the day is that I have a location that has a private internet 
IP and a public internet IP.  All information that is sent to the public 
IP is set to the private IP and all information that is sent to the 
private IP is sent to the public IP.  The issue is that OpenSwan likes 
to match keys via IPs and uses IPs for identification.  I receive this 
error when I use the public IP information:
... : We cannot identify ourselves with either end of this connection.

When I use the private IP, it cannot maintain the connection of course.  
The left side can't properly identify the right side, because the left 
side is using the private IP and claims that its the private IP, so the 
right side basically says "I'm not sure if this is the right host...." 
and doesn't connect.  If I set both sides to the private IP, then of 
course the connection can't be made at all.  I messed with %defaultroute 
on the left side (private IP), to see if that would help a bit, but it 

I'm thinking the solution should be that the public IPs need to be on 
the both side.  Now on the left side, it needs some kind of way to 
figure out which host it is....how do I do this?


More information about the Users mailing list