[Openswan Users] roadwarrior-net doesn't work
Lynn
lynn9a at yahoo.com
Fri Jun 3 08:29:51 CEST 2005
Hi, All
I have tried to set up roadwarrior for two weeks. Please help me if there is anything wrong with my setup.
Based on Nate Carlson's web page, I have a roadwarrior setup between Windows 2000 and Linux kernel 2.2.20, with another Linux box
running as the gateway. Windows (10.22.8.220) ---- gateway (external 10.22.41.115, internal 172.1.1.254) --- subnet (172.1.1.5).
Linux gateway:

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
    klipsdebug=none
    plutodebug=all

# Defaults for all connection descriptions
conn %default
    keyingtries=0
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=172.1.1.0/24
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=node115.key
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes
//////////////////////
Linux box in subnet (172.1.1.5/24):

# basic configuration
config setup
    interfaces=%defaultroute
    nat_traversal=yes
    klipsdebug=none
    plutodebug=all

# Defaults for all connection descriptions
conn %default
    keyingtries=0
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=172.1.1.0/24
    also=roadwarrior

conn roadwarrior
    left=10.22.41.115
    leftcert=node115.key
    right=%defaultroute
    rightcert=node82.key
    auto=add
    pfs=yes
// Windows setup

conn roadwarrior
    left=%any
    right=10.22.41.115
    rightca="C=US,ST=MA,L=xxx,O=xxx,OU=software,CN=xxx04072005"
    network=auto
    auto=start
    pfs=yes
    #rightsubnet=172.1.1.0/255.255.255.0

conn roadwarrior-net
    left=%any
    right=10.22.41.115
    rightsubnet=172.1.1.0/24
    rightca="C=US,ST=MA,L=xxx,O=xxx,OU=software,CN=xxx04072005"
    network=auto
    auto=start
    pfs=yes

With this setup, the Windows connection to the gateway works fine, and I can also bring up roadwarrior
on the node (172.1.1.5), but if I do "ipsec --up --show roadwarrior-net", it failed on
"route-host command exited with status 7" and "STATE_QUICK_I1: internal error".
I'm using openswan-1.0.9, and I rebuilt the kernel. I suppose NAT-T is enabled, but
I did notice there is a warning that said:

    received Vendor ID payload [RFC 3947]
    NAT-Traversal: Result using RFC3947: no NAT detected

Your help will be really appreciated.
Lynn