[Openswan Users] problem with NATT and openswan
Paul Wouters
paul at xelerance.com
Wed Sep 14 19:24:22 CEST 2005
On Wed, 14 Sep 2005, Darcy Ganga wrote:
> AAA.AAA.AAA.AAA = network segment internal 1
> BBB.BBB.BBB.BBB = network segment internal 2
> XXX.XXX.XXX.XXX = Eth0 interface (external)
> YYY.YYY.YYY.YYY = external IP, try connect using NAT-T

It is next to impossible to debug your situation with NAT
if you do not expose the real configuration.

> config setup
> interfaces=%defaultroute
> nat_traversal=yes
> # virtual_private=%v4:192.168.0.0/16

You must have the proper virtual_private setting, or NAT-T won't work.

> conn roadwarrior-net
> conn roadwarrior-net2
> conn roadwarrior-all
> conn roadwarrior
> conn roadwarrior-l2tp
> conn roadwarrior-l2tp-updatedwin

Combining them all might not work as expected. Configure the other
connections temporarily with auto=ignore, so that you can focus
on debugging one conn at a time.

> Sep 13 22:43:01 dns pluto[8414]: Starting Pluto (Openswan Version 2.1.5
> Sep 13 22:43:57 dns pluto[8414]: packet from YYY.YYY.YYY.YYY:62410: next
> payload type of ISAKMP Message has an unknown value:108

This is either a bug in openswan, or a bad secret. Probably the first.
Try upgrading openswan to a more recent version. 2.4.0 or 2.3.1

Paul