[Openswan Users] NATed IPsec server, is it possible? I get the error: no connection is known for ...

foren titze foren.titze at gmx.net
Tue Jun 28 12:59:09 CEST 2005


Hello users.

I am trying to move my IPsec server (with Openswan 2.3.1 and kernel 2.6.11) behind a
firewall that does SNAT and DNAT.

My working config is: the server has an external 195.xxx.xxx.xxx IP and isn't
NATed.
Now I am trying to change the external IP into 10.0.0.x. The eth0 has the 10.0.0.x
IP and the left= parameter is set to 10.0.0.58.
All services are restarted.

The firewall changes the 195.xxx.xxx.xxx IP to 10.0.0.58 and backwards with
DNAT and SNAT.

Now I get this error:

------------------------
80.226.234.106 #2: cannot respond to IPsec SA request because no connection is 
known for 195.xxx.xxx.22/32===10.0.0.58[C=DE, ST=NRW, L=Duesseldorf, O=xxx, 
OU=Server-Cert, CN=klaus, E=xxx at www.de]:17/1701...80.226.234.106[C=DE, 
ST=NRW, L=Duesseldorf, O=xxx, OU=Unix-Admin, CN=klais, 
E=klais at www.de]:17/1701
---------------------

Is there an alternative to NATing the server?
Clients are always NATed too.


Thanks

Benjamin

