[Openswan Users] ipsec.conf issue

Thiago Campos tmclistas at uol.com.br
Fri Sep 16 15:22:03 CEST 2005


Norman and John,

If i put the internal ip server i wont be able to access it from the web.
Above my full ipsec.conf (I added the nat_traversal), this configurantion 
worked when testing local.

# Manual:     ipsec.conf.5
version 2.0     # conforms to second version of ipsec.conf specification
# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
         klipsdebug=none
         plutodebug="control parsing"
        nat_traversal=yes
# Add connections here
# Conexao Sabaf <-> Road Warrior
conn sbfroad
    authby=secret
    pfs=no
    left=external_ip_server
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

I think the problem is related to some route that i have to add, but i don't 
know how.
Please take a look on my /var/log/secure

ERROR: asynchronous network error report on eth1 (sport=4500) for message to 
road_gateway_ip port 62903, complainant external_ip_server: No route to host 
[errno 113, origin ICMP type 3 code 1 (not authenticated)]

Thanks for your pacience

Thiago

----- Original Message ----- 
From: "Norman Rasmussen" <normanr at gmail.com>
To: "Thiago Campos" <tmclistas at uol.com.br>
Cc: <users at openswan.org>
Sent: Thursday, September 15, 2005 8:22 PM
Subject: Re: [Openswan Users] ipsec.conf issue


try left=internal_ip_server

and make sure that nat_traversal is yes, and that if xp is sp2 that
the registry patch is installed.

On 16/09/05, Thiago Campos <tmclistas at uol.com.br> wrote:
>
> Hi,
>
> My box is a Fedora Core 3 with kernel 2.6.12-1.1372_FC3 
> openswan-2.4.0rc3-1,
> openswan-klips-2.4.0rc32.6.12_1.1372_FC3_1
>
> My point is that i want to connect to a vpn server from any point
>
> ipsec.conf
>
> conn sbfroad
>     authby=secret
>     pfs=no
>     left=external_ip_server
>     leftprotoport=17/1701
>     right=%any
>     rightprotoport=17/1701
>     auto=add
>
> ipsec.secrets
>
> external_ip_server: PSK "phase"
>
> The client is a Win XP Pro and its behind a gateway
>
> My /var/log/secure tell:
>
> Sep 15 18:27:27 sbf-vpn pluto[5214]: "sbfroad"[2] road_gateway_ip#1: 
> cannot
> respond to IPsec SA request because no connection is known for
> external_ip_server:17/1701...road_gateway_ip[192.168.0.11]:17/1701===192.168.0.11/32
>
> Please if somebody could send me some help i'd be very glad
>
> Thanks  a lot
>
> Thiago
>
>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
>
>


-- 
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/ 



More information about the Users mailing list