[Openswan Users] connection could not be established, client loop the request, both are NATed!]

Jacco de Leeuw jacco2 at dds.nl
Mon Jul 11 19:31:43 CEST 2005

foren titze wrote

>>You could post your ipsec.conf. Are you using:
>>leftnexthop=<internal_IP_of_your_NAT_Firewall> ?
> It was set: leftnexthop=%defaultroute
> and this is the internal IP of the nating Router.
> config setup
>      interfaces=%defaultroute
>      klipsdebug=none
>      plutodebug=none
>      forwardcontrol=on
>      nat_traversal=yes
>      ##############
>      uniqueids=yes
>      virtual_private=%v4:,%v4:,%v4:

You seem to be using Nate Carlson's configuration files but they need some
corrections. First, you should exclude your internal subnet if you want
roadwarriors to use NAT-T. I don't know what your internal subnet is
but let's assume that it is Then add this:


> conn test
>      authby=rsasig
>      right=%any
>      leftnexthop=%defaultroute
>      rightnexthop=

rightnexthop? What if you comment this line?

>      rightid=""

I don't know what you are trying to achieve with left/rightid="".

>      rightprotoport=17/1701
>      leftprotoport=17/1701      ##for updated winxp 1701
>      #rightcert=certs/titze_cert.pem

Uncomment this line or use:


>      leftupdown=/etc/ipsec.d/_updown.x509
>      pfs=no
>      auto=add

If the client is NATed you should also add:


> Sorry. but I was wrong. At my testing, only the server was nated. The peer was 
> not nated.

The Openswan log says that both are NATed. But that is incorrect?

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

More information about the Users mailing list