[Openswan Users] NATED IPSEC Server, is it possible? I get the error: no connection is known for ...

foren titze foren.titze at gmx.net
Tue Jun 28 12:59:09 CEST 2005

Hello users.

I am trying to move my IPsec server (with openswan 2.3.1 and kernel 2.6.11) behind a 
firewall that does SNAT and DNAT.

My working config is: the server has an external 195.xxx.xxx.xxx IP and is not 
NATed.
Now I am trying to change the external IP to 10.0.0.x. eth0 has the 10.0.0.x 
IP and the left= parameter is set to
All services are restarted.

The firewall changes the 195.xxx.xxx.xxx IP to and backwards with 

Now I get this error:

------------------------ #2: cannot respond to IPsec SA request because no connection is 
known for 195.xxx.xxx.22/32===[C=DE, ST=NRW, L=Duesseldorf, O=xxx, 
OU=Server-Cert, CN=klaus, E=xxx at www.de]:17/1701...[C=DE, 
ST=NRW, L=Duesseldorf, O=xxx, OU=Unix-Admin, CN=klais, 
E=klais at www.de]:17/1701

Is there an alternative to NATing the server?
Clients are always NATed too.


