[Openswan Users] seems ok but receive 678 error

Luca Ballerini luca.ballerini at gmail.com
Fri May 20 16:53:14 CEST 2005


On 5/20/05, Jacco de Leeuw <jacco2 at dds.nl> wrote:
> Never NAT port 1701 from the router to your Debian box! It is not safe.
Thanks, I was desperate so I tried every way!!!!!
> 

> First, you need to add rightsubnet=vhost:%no,%priv. You also need
> to add a line to 'conn setup':
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.x.0/24
> where 192.168.x.0/24 would be your internal network.
> 
> Leftsubnet needs to be replaced by leftnexthop=x.x.x.x (internal router ip).
Doing this I have:
cannot respond to IPsec SA request because no connection is known for
ROUTER_PUBLIC_IP/ROUTER_MASK===DEBIAN_LOCAL_IP:4500
I think it's wrong.
> 
> Because the server is NATed you also need an experimental patch by Bernd
> Galonska (unless this issue is fixed in the upcoming Openswan 2.3.2):
upcoming
> http://www.jacco2.dds.nl/networking/patches/openswan-2.3.0-NATserver.patch
> http://www.jacco2.dds.nl/networking/patches/openswan-2.3.1-NATserver.patch
> 
I installed the unstable package available at debian.org (2.3.0-2),
how can I patch this one????

Last question:

Is this needed only if both sides are NATed??? Because I have problems
also from a dialup roadwarrior, or doesn't that matter????

Thanks in advance and again for the best support

luca

-- 
There is no great genius without a mixture of madness.
Aristotle
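
The `virtual_private=` line quoted in the message above, worked through as an added example that is not part of the original post or of Openswan's code: it parses the list and reports whether a NATed client's inner address would be accepted under `%priv`. The containment rule (inside an allowed net and not inside a `!` net) is this example's model of the option, and `192.168.1.0/24` is a constructed stand-in for the `192.168.x.0/24` placeholder.

```python
import ipaddress

# Constructed sample: the value from the message, with the server's internal
# LAN (192.168.x.0/24 in the post) assumed to be 192.168.1.0/24.
SAMPLE_VIRTUAL_PRIVATE = (
    "%v4:10.0.0.0/8,%v4:172.16.0.0/12,"
    "%v4:192.168.0.0/16,%v4:!192.168.1.0/24"
)

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if not entry.startswith("%v4:"):
            # Only the %v4 form used in the message is handled here.
            raise ValueError(f"unsupported entry: {entry!r}")
        spec = entry[len("%v4:"):]
        negated = spec.startswith("!")
        net = ipaddress.ip_network(spec[1:] if negated else spec, strict=True)
        (excluded if negated else allowed).append(net)
    return allowed, excluded

def client_net_accepted(client_net, value=SAMPLE_VIRTUAL_PRIVATE):
    """True if the client's behind-NAT address/net passes the %priv check.

    Assumed model: the net must lie inside an allowed range and must not
    lie inside any excluded ('!') range, so a roadwarrior cannot claim an
    address that belongs to the server's own LAN.
    """
    net = ipaddress.ip_network(client_net, strict=False)
    allowed, excluded = parse_virtual_private(value)
    if any(net.subnet_of(x) for x in excluded):
        return False
    return any(net.subnet_of(a) for a in allowed)

if __name__ == "__main__":
    # Constructed client addresses: two private, one on the server LAN, one public.
    for addr in ("192.168.0.50", "10.1.2.3", "192.168.1.50", "203.0.113.7"):
        verdict = "accepted" if client_net_accepted(addr) else "rejected"
        print(f"{addr:15} {verdict}")
```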

