[Openswan Users] connection could not be established, client loop the request, both are NATed!

foren titze foren.titze at gmx.net
Mon Jul 11 09:50:30 CEST 2005


On Monday, 11 July 2005 07:19, Foren wrote:
> -------- Original Message --------
> Subject: Re: [Openswan Users] connection could not be established,
> client loop the request, both are NATed!
> Date: Sun, 10 Jul 2005 15:14:36 +0200
> From: Jacco de Leeuw <jacco2 at dds.nl>
> To: users at openswan.org
> References: <200507071229.23934.foren.titze at gmx.net>
>
> Foren Titze wrote:
> > "IPsec SA established" and now L2tpd should overtake the connection
> > and establish a ppp connect.
> > But it doesn't make this
> >
> > This happened since I tried to push the VPN_server behind a NAT firewall
> > and connect them with an internal private IP and no longer with his
> > external IP.
>
> You could post your ipsec.conf. Are you using:
> leftnexthop=<internal_IP_of_your_NAT_Firewall> ?
It was set: leftnexthop=%defaultroute
and this is 10.0.0.1, the internal IP of the NATing router.
>

-------------------
version 2

config setup
     interfaces=%defaultroute
     klipsdebug=none
     plutodebug=none
     forwardcontrol=on
     nat_traversal=yes
     ##############
     uniqueids=yes
     virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
     leftrsasigkey=%cert
     rightrsasigkey=%cert
     leftid=""
     leftcert=vpncert.pem
     dpdaction=clear
     keylife=2h
     rekeymargin=9m
     keyingtries=3
     disablearrivalcheck=no
     ike="aes128-sha,aes128-md5,3des-md5,3des-sha"
     esp="aes128-sha1,aes128-md5,3des-md5,3des-sha1"
     left=195.135.186.22
     #left=10.0.0.58

conn test
     authby=rsasig
     right=%any
     leftnexthop=%defaultroute
     rightnexthop=192.168.121.1
     rightid=""
     rightprotoport=17/1701
     leftprotoport=17/1701      ##for updated winxp 1701
     #rightcert=certs/titze_cert.pem
     leftupdown=/etc/ipsec.d/_updown.x509
     pfs=no
     auto=add
-------------------------------

Left is the VPN_gate and right the roadwarrior (WindowsXP). 

> > NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: both are
> > NATed
>
> I have never tested a double NAT. What happens if only the server is NATed?
Sorry, but I was wrong. In my testing, only the server was NATed. The peer was
not NATed.
>
> Jacco

