[Openswan Users] FC3 VPN server behind NAT not working... HELP....

Deepak Naidu deepak_nai at yahoo.com
Fri May 6 10:05:52 CEST 2005 

Hi,

 I have configured Openswan 2.3.1(which includes NAT
patch) and also pacthed a NAT patch for VPN server
running behind NAT

Server Openswan 2.3.1 on FC3 
Client winxp with sp2 using l2tpd/ppp conenction,
using 
dialup

When connecting for XP using VPN dialer with l2tpd
settings, i get error in vpn secure log stating

May  6 13:38:26 eftest pluto[30001]: packet from
202.149.x.x:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
May  6 13:38:26 eftest pluto[30001]: packet from
202.149.x.x:500: initial Main Mode message received on
192.168.2.214:500 but no connection has been
authorized

Port 500, 4500 and 1701 is natted to my VPN server
from the gateway.

I only see port 500 packets in tcpdump at my internet
gateway.

IS the NATTING patch working or is there any
workaround.
Please help me ....

If uall need any info, please let me know.

Regards,
Deepak

***********
My server ipsec.conf is below.
***********

version 2.0
config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        overridemtu=1410
        nat_traversal=yes
       
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
        keyingtries=3
        compress=yes
        disablearrivalcheck=no
        authby=secret
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

conn roadwarrior-net
        leftsubnet=192.168.2.0/24
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior-l2tp
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior
        type=tunnel
        keyexchange=ike
        ikelifetime=240m
        keylife=60m

conn roadwarrior-net
        leftsubnet=192.168.2.0/24
        also=roadwarrior

conn roadwarrior-all
        leftsubnet=0.0.0.0/0
        also=roadwarrior

conn roadwarrior-l2tp
        leftprotoport=17/0
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior-l2tp-updatedwin
        leftprotoport=17/1701
        rightprotoport=17/1701
        also=roadwarrior

conn roadwarrior
        pfs=no
        left=202.149.x.x
        leftnexthop=202.149.x.x
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add



		
___________________________________________________________ 
How much free photo storage do you get? Store your holiday 
snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com

More information about the Users mailing list