[Openswan Users] NAT-T and sentinel problem
Domenico Actis Grosso
webmaster at elnportal.it
Mon Mar 21 20:15:52 CET 2005
Hi to all, I've a little problem with my configuration: it doesn't work!
Pls help!
I run openswan 2.3.0 on a Fedora Core 2 server configured as shown below:
     eth1                 eth0            router
10.217.137.0/26-------192.168.1.2------192.168.1.1======PUBLIC_STATIC_IP
The public_static IP is NATted to 192.168.1.2.
The subnet configured on eth1 is masqueraded.
iptables -t nat -A POSTROUTING -s 10.217.137.0/26 -o eth0 -j MASQUERADE
I've installed openswan from an RPM found through www.openswan.org
Here is my ipsec.conf:
version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:!192.168.1.0/24,%v4:192.168.3.0/24

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior-net
    leftsubnet=10.217.137.0/26
    also=roadwarrior

conn roadwarrior
    left=%defaultroute
    leftcert=/etc/ipsec.d/certs/certificato.pem
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=yes

include /etc/ipsec.d/examples/no_oe.conf
The tunnel starts correctly.
I've one switch directly connected to eth1, and another switch to the previous one.
I can ping all things connected to the first switch and NOTHING connected to the other.
LAN config is ok because I can ping everything from the gateway itself.
Thanks