[Openswan Users] IPCOP NET2NET VPN with NAT

Giorgio Cassina giorgio.cassina at pentex.it
Wed Mar 9 08:23:47 CET 2005


A newbie writing.... :)

I would like to connect two locations with a VPN. The current topology is
as follows:

LAN1 (192.168.0.0/24)
--------------------------
         |
         |
192.168.0.254/24 (eth0)
--------------------------
IPCOP 1.4.2  (MOON)
--------------------------
10.0.1.57/24 (eth1)
         |
         |
10.0.1.10/24 (Internal)
--------------------------
ZyXEL Prestige 652-R11 (NAT on all ports, No firewall)
--------------------------
a.b.c.d (public IP)
         |
         |
    internet
         |
         |
--------------------------
CISCO 17xx (x.y.z.1 (public IP))
--------------------------
         |
         |
x.y.z.254 (public IP)
--------------------------
IPCOP 1.4.2  (EARTH)
--------------------------
10.0.0.10/25 (eth0)
         |
         |
--------------------------
LAN1 (10.0.0.0/25)

Below is the ipsec.conf on the two IPCOPs.

MOON ipsec.conf
conn ARDCVPN
       left=10.0.1.57
       leftnexthop=a.b.c.d
       leftsubnet=192.168.0.0/255.255.255.0
       right=x.y.z.254
       rightsubnet=10.0.0.0/255.255.255.128
       rightnexthop=x.y.z.1
       authby=secret
       auto=start

EARTH ipsec.conf
conn ARDCVPN
       right=x.y.z.254
       rightsubnet=10.0.0.0/255.255.255.128
       rightnexthop=x.y.z.1
       left=10.0.1.57
       leftsubnet=192.168.0.0/255.255.255.0
       leftnexthop=a.b.c.d
       authby=secret
       auto=start

The authentication method is PSK; on both IPCOPs the ipsec.secrets is:
10.0.1.57 x.y.z.254 : PSK "key removed"

As you can imagine from my post, the VPN isn't established and I get
the following output in the IPCOP log.

MOON LOG (reverse order):
pluto[3320] "ARDCVPN" #209: starting keying attempt 2 of an unlimited number
pluto[3320] "ARDCVPN" #209: max number of retransmissions (20) reached STATE_MAIN_I1. No acceptable response to our first IKE message
pluto[3320] "ARDCVPN" #209: initiating Main Mode
pluto[3320] added connection description "ARDCVPN"

EARTH LOG (reverse order):
pluto[32557] packet from a.b.c.d:500: initial Main Mode message received on x.y.z.254:500 but no connection has been authorized with policy=PSK
pluto[32557] packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
pluto[32557] packet from a.b.c.d:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
pluto[32557] packet from a.b.c.d:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03]
pluto[32557] "ARDCVPN" #471: initiating Main Mode

Please help me, because I'm going crazy. For two days I have been searching the
web, reading messages and man pages, changing configurations, etc., but I'm not
able to make this thing work.

I hope the information I've included is enough.

Ciao
Giorgio
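Editor's note, added to this archived post and not part of Giorgio's message or of IPCop/Openswan: the two pluto lines that matter are on the EARTH side. The IKE packet arrives from a.b.c.d (the ZyXEL's public address, since it NATs the 10.0.1.x side), but the only conn on EARTH names the peer as 10.0.1.57, so pluto has no PSK conn to match the source address against and logs "no connection has been authorized with policy=PSK". The script below is a constructed triage helper that reads the EARTH ipsec.conf and the log lines quoted above (pasted in as sample input) and makes that mismatch explicit; it also records whether the peer offered NAT-T vendor IDs and whether `nat_traversal=yes` is present in a `config setup` section (the posted fragment has none, so it reports it as off). The parser is deliberately minimal and handles only `conn`/`config` sections with `key=value` lines.

```python
import re

# Constructed sample input: the EARTH-side ipsec.conf and the two decisive pluto
# log lines as quoted in the post (a.b.c.d and x.y.z.254 are the post's placeholders).
EARTH_IPSEC_CONF = """\
conn ARDCVPN
       right=x.y.z.254
       rightsubnet=10.0.0.0/255.255.255.128
       rightnexthop=x.y.z.1
       left=10.0.1.57
       leftsubnet=192.168.0.0/255.255.255.0
       leftnexthop=a.b.c.d
       authby=secret
       auto=start
"""

EARTH_LOG = [
    "pluto[32557] packet from a.b.c.d:500: received Vendor ID payload "
    "[draft-ietf-ipsec-nat-t-ike-03]",
    "pluto[32557] packet from a.b.c.d:500: initial Main Mode message received on "
    "x.y.z.254:500 but no connection has been authorized with policy=PSK",
]

SECTION_RE = re.compile(r"^(conn|config)\s+(\S+)\s*$")
KV_RE = re.compile(r"^\s+(\w+)\s*=\s*(\S.*?)\s*$")
PACKET_FROM_RE = re.compile(r"packet from ([^:\s]+):\d+:")
NATT_VID_RE = re.compile(r"received Vendor ID payload \[(draft-ietf-ipsec-nat-t-ike-\d+|RFC 3947)\]")
NOT_AUTHORIZED_RE = re.compile(r"no connection has been authorized with policy=(\S+)")


def parse_ipsec_conf(text):
    """Minimal ipsec.conf reader: {section name: {key: value}} for conn/config sections."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = SECTION_RE.match(line)
        if m:
            current = sections.setdefault(m.group(2), {})
            continue
        m = KV_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return sections


def configured_endpoints(sections):
    """left/right values of every conn: the addresses an incoming Main Mode
    packet's source IP can be matched against before any ID payload is seen."""
    endpoints = set()
    for name, conn in sections.items():
        if name == "setup":  # 'config setup' holds daemon options, not endpoints
            continue
        for side in ("left", "right"):
            if side in conn:
                endpoints.add(conn[side])
    return endpoints


def diagnose(conf_text, log_lines):
    """Cross-check pluto's 'packet from X' source against the configured endpoints."""
    sections = parse_ipsec_conf(conf_text)
    endpoints = configured_endpoints(sections)
    wildcard = "%any" in endpoints  # a %any side would accept any initiator address
    sources = {m.group(1) for m in map(PACKET_FROM_RE.search, log_lines) if m}
    rejected = {m.group(1) for m in map(NOT_AUTHORIZED_RE.search, log_lines) if m}
    setup = sections.get("setup", {})
    return {
        "unmatched_initiators": sorted(s for s in sources if s not in endpoints and not wildcard),
        "rejected_policy": sorted(rejected),
        "peer_offers_nat_t": any(NATT_VID_RE.search(line) for line in log_lines),
        "nat_traversal_enabled": setup.get("nat_traversal", "no").lower() == "yes",
    }


if __name__ == "__main__":
    for key, value in diagnose(EARTH_IPSEC_CONF, EARTH_LOG).items():
        print(f"{key}: {value}")
```

On the posted input the script reports a.b.c.d as an initiator that no conn names, PSK as the rejected policy, NAT-T offered by the peer, and NAT traversal not enabled. As advice from the editor rather than anything the post confirms: the usual Openswan approach for a peer behind NAT is to key the EARTH conn and its PSK on the address pluto actually sees (a.b.c.d) instead of 10.0.1.57, to set nat_traversal=yes in config setup on both ends, and to make sure the ZyXEL forwards UDP 500 and UDP 4500 to 10.0.1.57.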


