[Openswan Users] openswan - zyxel problem

Dominik Schmid dominik_schmid at gmx.ch
Fri May 6 00:37:54 CEST 2005


Hi

I have tested the connection with pc ----- zyxel router ===========
openswan --------- pc -----> that works.

Now I want to put the openswan server on the internet; it looks like this:

pc [192.168.10.50] ----- zyxel router [192.168.0.187] (nat) =======
internet gateway (nat) ======== zyxel router (nat + portforwarding
500/4500) [192.168.1.1] ============ [192.168.1.5] openswan
[192.168.2.1] ------- pc -----> doesn't work.


Have I set the wrong parameters once more?

Thanks Dominik

ipsec.conf
----------
version 2.0
config setup
         interfaces=%defaultroute
         nat_traversal=yes
conn %default
         keyingtries=3
conn zywall
         left=192.168.1.5
         leftsubnet=192.168.2.0/24
         leftnexthop=%defaultroute
         right=%any
         rightsubnet=192.168.10.50/32
         rightnexthop=%defaultroute
         pfs=yes
         auto=start
         authby=secret

conn block
         auto=ignore

conn private
         auto=ignore

conn private-or-clear
         auto=ignore

conn clear-or-private
         auto=ignore

conn clear
         auto=ignore

conn packetdefault
         auto=ignore

ipsec.secrets
-------------
192.168.1.5 %any : PSK "key"

auth.log
--------
Apr 28 22:39:22 localhost pluto[12404]: adding interface eth0:0/eth0:0 192.168.2.1:4500
Apr 28 22:39:22 localhost pluto[12404]: adding interface eth0/eth0 192.168.1.5
Apr 28 22:39:22 localhost pluto[12404]: adding interface eth0/eth0 192.168.1.5:4500
Apr 28 22:39:22 localhost pluto[12404]: adding interface lo/lo 127.0.0.1
Apr 28 22:39:22 localhost pluto[12404]: adding interface lo/lo 127.0.0.1:4500
Apr 28 22:39:22 localhost pluto[12404]: NAT-Traversal: ESPINUDP(1) not supported by kernel -- NAT-T disabled
Apr 28 22:39:22 localhost pluto[12404]: adding interface lo/lo ::1
Apr 28 22:39:22 localhost pluto[12404]: NAT-Traversal: ESPINUDP(2) not supported by kernel -- NAT-T disabled
Apr 28 22:39:22 localhost pluto[12404]: adding interface lo/lo ::1:4500
Apr 28 22:39:22 localhost pluto[12404]: loading secrets from "/etc/ipsec.secrets"
Apr 28 22:39:22 localhost pluto[12404]: "zywall": cannot route template policy of PSK+ENCRYPT+TUNNEL+PFS
Apr 28 22:39:22 localhost pluto[12404]: "zywall": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
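
An added example, not part of the original post and not Openswan code: a small Python check that reads an ipsec.conf and a pluto log like the ones above and reports the conditions the log itself names. The function names `parse_conf` and `diagnose` and the embedded sample text (excerpted from the post) are assumptions of this example.

```python
import re

# Constructed sample input: excerpts of the ipsec.conf and auth.log in the post.
SAMPLE_CONF = """\
config setup
    interfaces=%defaultroute
    nat_traversal=yes
conn zywall
    left=192.168.1.5
    right=%any
    auto=start
conn block
    auto=ignore
"""
SAMPLE_LOG = """\
Apr 28 22:39:22 localhost pluto[12404]: NAT-Traversal: ESPINUDP(1) not supported by kernel -- NAT-T disabled
Apr 28 22:39:22 localhost pluto[12404]: "zywall": cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE)
"""

def parse_conf(text):
    """Return {"conn NAME" or "config setup": {key: value}} (hypothetical helper)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if line[0].isspace():                  # indented line: key=value of current section
            if current is not None and "=" in line:
                key, value = line.strip().split("=", 1)
                current[key.strip()] = value.strip()
        else:                                  # unindented line: section header or other
            words = line.split()
            is_section = words[0] in ("conn", "config")
            current = sections.setdefault(" ".join(words), {}) if is_section else None
    return sections

def diagnose(conf_text, log_text):
    """Cross-check the configuration against what pluto logged at startup."""
    conf, findings = parse_conf(conf_text), []
    for name, opts in conf.items():
        peers = (opts.get("left"), opts.get("right"))
        if name.startswith("conn ") and opts.get("auto") == "start" and "%any" in peers:
            findings.append(f"{name}: auto=start with a %any peer, so pluto has no address to initiate to")
    if conf.get("config setup", {}).get("nat_traversal") == "yes" \
            and re.search(r"NAT-Traversal: .*NAT-T disabled", log_text):
        findings.append("nat_traversal=yes, but pluto disabled NAT-T (no ESPINUDP support in kernel)")
    failed = re.findall(r'"([^"]+)": cannot initiate connection without knowing peer IP', log_text)
    findings += [f"log: conn {c} was not initiated (peer address unknown)" for c in sorted(set(failed))]
    return findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE_CONF, SAMPLE_LOG):
        print(finding)
```

With `auto=add` in place of `auto=start` the first finding disappears, since a connection with a `%any` peer is then only loaded and waits for the remote side to initiate.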


