[Openswan Users] openswan - zyxel problem

lee huughes toxicnaan at gmail.com
Fri May 6 15:26:26 CEST 2005 

you need to set your 

>          right=%any

parameter to the address of the public ip address of the remote zyxel router

make sure you forward port forward 4500 at both end (I think).

good luck 



On 5/5/05, Dominik Schmid <dominik_schmid at gmx.ch> wrote:
> Hi
> 
> I have testet the connection with pc ----- zyxel router ===========
> openswan --------- pc -----> that works.
> 
> Now i want to set the openswan server into the internet that looks so:
> 
> pc [192.168.10.50] ----- zyxel router [192.168.0.187] (nat) =======
> internet gateway (nat) ======== zyxel router (nat + portforwarding
> 500/4500) [192.168.1.1] ============ [192.168.1.5] openswan
> [192.168.2.1] ------- pc -----> doesn't work.
> 
> Have i set the wrong parameters once more?
> 
> Thanks Dominik
> 
> ipsec.conf
> ----------
> version 2.0
> config setup
>          interfaces=%defaultroute
>          nat_traversal=yes
> conn %default
>          keyingtries=3
> conn zywall
>          left=192.168.1.5
>          leftsubnet=192.168.2.0/24
>          leftnexthop=%defaultroute
>          right=%any
>          rightsubnet=192.168.10.50/32
>          rightnexthop=%defaultroute
>          pfs=yes
>          auto=start
>          authby=secret
> 
> conn block
>          auto=ignore
> 
> conn private
>          auto=ignore
> 
> conn private-or-clear
>          auto=ignore
> 
> conn clear-or-private
>          auto=ignore
> 
> conn clear
>          auto=ignore
> 
> conn packetdefault
>          auto=ignore
> 
> ipsec.secrets
> -------------
> 192.168.1.5 %any : PSK "key"
> 
> auth.log
> --------
> Apr 28 22:39:22 localhost pluto[12404]: adding interface eth0:0/eth0:0
> 192.168.2.1:4500
> Apr 28 22:39:22 localhost pluto[12404]: adding interface eth0/eth0
> 192.168.1.5
> Apr 28 22:39:22 localhost pluto[12404]: adding interface eth0/eth0
> 192.168.1.5:4500
> Apr 28 22:39:22 localhost pluto[12404]: adding interface lo/lo 127.0.0.1
> Apr 28 22:39:22 localhost pluto[12404]: adding interface lo/lo
> 127.0.0.1:4500
> Apr 28 22:39:22 localhost pluto[12404]: NAT-Traversal: ESPINUDP(1) not
> supported by kernel -- NAT-T disabled
> Apr 28 22:39:22 localhost pluto[12404]: adding interface lo/lo ::1
> Apr 28 22:39:22 localhost pluto[12404]: NAT-Traversal: ESPINUDP(2) not
> supported by kernel -- NAT-T disabled
> Apr 28 22:39:22 localhost pluto[12404]: adding interface lo/lo ::1:4500
> Apr 28 22:39:22 localhost pluto[12404]: loading secrets from
> "/etc/ipsec.secrets"
> Apr 28 22:39:22 localhost pluto[12404]: "zywall": cannot route template
> policy of PSK+ENCRYPT+TUNNEL+PFS
> Apr 28 22:39:22 localhost pluto[12404]: "zywall": cannot initiate
> connection without knowing peer IP address (kind=CK_TEMPLATE)
> 
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>

More information about the Users mailing list