[Openswan Users] [SOLVED!]
Tomasz Grzelak
tgrzelak at wktpolska.com.pl
Wed Aug 2 09:37:24 CEST 2006
Tomasz Grzelak wrote:
> Aug 1 08:32:11 localhost pluto[2951]: "roadwarrior"[4] 213.76.39.241
> #5: STATE_QUICK_R2: IPsec SA established {ESP=>0x57fd5b67 <0x7c1d7d10
> xfrm=3DES_0-HMAC_MD5 NATD=none DPD=none}
>
> The are no responses sent to the client.
> Please, have a look at the routing table and the tcpdump log - there are
> some suspicious records.
> The routing table:
>
> ----------------------------------------------------------------------------
>
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 213.76.39.241 0.0.0.0 255.255.255.255 UH 0 0 0
> eth0
> 172.20.20.0 0.0.0.0 255.255.255.240 U 0 0 0
> eth1
> A.B.C.128 0.0.0.0 255.255.255.240 U 0 0 0 eth0
> 0.0.0.0 A.B.C.129 0.0.0.0 UG 0 0 0 eth0
> ----------------------------------------------------------------------------
>
>
> It looks like the server does not know how to reach the client, so no
> responses are sent. Can you explain how to correct this? It looks like
> the reason of my problems.
>
> Can you also look at my ipsec.conf file and tell me if it is correct to
> support roadwarriors? (I sent it in my first mail, but I can attach it
> again if you want).
I found it! :)
Like I said, the problem was not related to NAT but to routing.
I had to add one line to ipsec.conf to make it work:
leftnexthop=A.B.C.129
Regards,
Tomasz Grzelak
More information about the Users
mailing list