[Openswan Users] SA established but not ping
sasa
sasa at shoponweb.it
Tue Jan 3 11:03:38 CET 2006
"Paul Wouters" wrote:
> Not really if NAT is involved. Initiating might work while responding
> might fail, or vice versa, when asymmetric routing with/without NAT is
> happening.
...but which parameter is incorrect in my conf? Because ipsec doing NAT
also isn't necessary?
And because I have the error message:
Jan 2 17:54:26 fw2 ipsec__plutorun: ...could not start conn "princ-cardito"
...my ipsec.conf is:
config setup
    interfaces="ipsec0=eth0"
conn %default
    authby=rsasig
conn princ-cardito
    auto=start
    pfs=yes
    # left site: princ
    left=5.6.7.8
    leftsubnet=192.168.0.0/24
    leftnexthop=5.6.7.9
    # RSA 2192 bits test2 Thu Dec 29 14:09:50 2005
    leftrsasigkey=0sAQ...
    # right site: cardito
    right=1.2.3.4
    rightsubnet=10.0.1.0/24
    rightnexthop=1.2.3.5
    # RSA 2192 bits fw2 Thu Dec 29 14:00:00 2005
    rightrsasigkey=0sAQ....
include /etc/ipsec.d/examples/no_oe.conf
...and on the second end-point:
config setup
    virtual_private=%v4:172.16.0.0/12,%v4:192.168.1.0,%v4:!192.168.0.0/24
    interfaces="ipsec0=eth0"
    nat_traversal=yes
conn %default
    esp=3des-md5
    rekey=no
conn princ-cardito
    auto=start
    authby=rsasig
    pfs=yes
    # left site: princ
    left=5.6.7.8
    leftsubnet=192.168.0.0/24
    leftnexthop=5.6.7.9
    # RSA 2192 bits test2 Thu Dec 29 14:09:50 2005
    leftrsasigkey=0sAQ....
    # right site: cardito
    right=1.2.3.4
    rightsubnet=10.0.1.0/24
    rightnexthop=1.2.3.5
    # RSA 2192 bits fw2 Thu Dec 29 14:00:00 2005
    rightrsasigkey=0s....
conn left-road
    auto=add
    authby=secret
    pfs=no
    # left is the public IP of eth0 on the firewall
    left=5.6.7.8
    # leftnexthop is the public IP assigned to the ADSL router
    leftnexthop=5.6.7.9
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701
    rightsubnet=vhost:%no,%priv
include /etc/ipsec.d/examples/no_oe.conf
------
Salvatore.
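As an added example (not code from this thread or from Openswan), here is a small Python script that parses two ipsec.conf fragments the way Openswan reads them (section headers in column 0, indented key=value parameters, `#` comments, `include` lines skipped), merges `conn %default` into the named conn, and reports every setting that is present or valued differently on the two end-points; it also checks that `virtual_private` excludes the local LAN. The two fragments embedded in it are constructed from the configs quoted above, with the RSA keys replaced by placeholders; on this input it reports exactly the asymmetries visible in the post (nat_traversal, virtual_private, esp, rekey set on one side only).

```python
"""Compare two Openswan ipsec.conf fragments and list asymmetric settings.

Added example, not from the thread or from Openswan. The two fragments are
constructed from the configs quoted in the post; RSA keys are placeholders.
"""
from typing import Dict, Optional, Tuple

# Constructed: first end-point (no nat_traversal, no esp/rekey settings)
CONF_A = """\
config setup
    interfaces="ipsec0=eth0"
conn %default
    authby=rsasig
conn princ-cardito
    auto=start
    pfs=yes
    # left site: princ
    left=5.6.7.8
    leftsubnet=192.168.0.0/24
    leftnexthop=5.6.7.9
    leftrsasigkey=0sLEFT_KEY_PLACEHOLDER
    right=1.2.3.4
    rightsubnet=10.0.1.0/24
    rightnexthop=1.2.3.5
    rightrsasigkey=0sRIGHT_KEY_PLACEHOLDER
include /etc/ipsec.d/examples/no_oe.conf
"""

# Constructed: second end-point (nat_traversal=yes, esp and rekey in %default)
CONF_B = """\
config setup
    virtual_private=%v4:172.16.0.0/12,%v4:192.168.1.0,%v4:!192.168.0.0/24
    interfaces="ipsec0=eth0"
    nat_traversal=yes
conn %default
    esp=3des-md5
    rekey=no
conn princ-cardito
    auto=start
    authby=rsasig
    pfs=yes
    left=5.6.7.8
    leftsubnet=192.168.0.0/24
    leftnexthop=5.6.7.9
    leftrsasigkey=0sLEFT_KEY_PLACEHOLDER
    right=1.2.3.4
    rightsubnet=10.0.1.0/24
    rightnexthop=1.2.3.5
    rightrsasigkey=0sRIGHT_KEY_PLACEHOLDER
include /etc/ipsec.d/examples/no_oe.conf
"""

Section = Dict[str, str]


def parse_ipsec_conf(text: str) -> Dict[str, Section]:
    """Parse into {'config setup' | 'conn NAME': {key: value}}.
    Headers start in column 0, parameters are indented key=value lines,
    '#' starts a comment (values containing '#' are not expected here)."""
    sections: Dict[str, Section] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not raw[0].isspace():            # column 0: header or include
            words = line.split(None, 1)
            if words[0] == "include":
                continue
            current = " ".join(words)
            sections[current] = {}
            continue
        if current is None:
            raise ValueError(f"parameter before any section: {line!r}")
        key, _, value = line.strip().partition("=")
        sections[current][key.strip()] = value.strip().strip('"')
    return sections


def effective_conn(sections: Dict[str, Section], name: str) -> Section:
    """conn NAME with the values from 'conn %default' filled in beneath it."""
    merged = dict(sections.get("conn %default", {}))
    merged.update(sections.get(f"conn {name}", {}))
    return merged


def compare_endpoints(a: Dict[str, Section], b: Dict[str, Section],
                      name: str) -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Settings that differ between the end-points: 'setup.KEY' / 'conn.KEY'
    -> (value on A, value on B); None means the key is not set on that side."""
    diffs: Dict[str, Tuple[Optional[str], Optional[str]]] = {}
    pairs = (("setup", a.get("config setup", {}), b.get("config setup", {})),
             ("conn", effective_conn(a, name), effective_conn(b, name)))
    for label, da, db in pairs:
        for key in sorted(set(da) | set(db)):
            if da.get(key) != db.get(key):
                diffs[f"{label}.{key}"] = (da.get(key), db.get(key))
    return diffs


def local_subnet_excluded(virtual_private: str, subnet: str) -> bool:
    """True if virtual_private carries '%v4:!SUBNET', i.e. the local LAN is
    kept out of the ranges a road-warrior may claim via rightsubnet=...%priv."""
    entries = {e.strip() for e in virtual_private.split(",")}
    return f"%v4:!{subnet}" in entries


if __name__ == "__main__":
    a, b = parse_ipsec_conf(CONF_A), parse_ipsec_conf(CONF_B)
    for key, (va, vb) in compare_endpoints(a, b, "princ-cardito").items():
        print(f"{key}: first={va!r} second={vb!r}")
    vp = b["config setup"]["virtual_private"]
    print("local LAN excluded from virtual_private:",
          local_subnet_excluded(vp, b["conn princ-cardito"]["leftsubnet"]))
```

Run it against the real files from both gateways (read them in place of the constructed strings); any key it lists as set on one side only is worth reconciling before digging further into routing or NAT.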