[Openswan Users] NAT problems

Geert Janssens info at kobaltwit.be
Wed Jan 11 22:43:59 CET 2006


On Wednesday 11 January 2006 21:37, Paul Wouters wrote:
> On Wed, 11 Jan 2006, Geert Janssens wrote:
> > Thank you for the fast response and sorry to bother you again. I changed
> > the configuration to have the vhost rightsubnet on the server only. When
> > I try to bring up the connection, it gets stuck in STATE_QUICK_I1.
> >
> > On the server I have the following log messages:
> > | ***parse ISAKMP Identification Payload (IPsec DOI):
>
> Please do not use plutodebug= to debug configuration issues.
>
Sorry, I thought the detailed report was helping.

> > "kobaltwit-to-auxima"[1] 84.195.167.62:4500 #1: cannot respond to IPsec
> > SA request because no connection is known for
> > 81.83.108.106/32===192.168.2.2:4500[C=BE, L=Grimbergen, O=Kobalt W.I.T.,
> > CN=auxima.homeip.net]...84.195.167.62:4500[C=BE, L=Grimbergen, O=Kobalt
> > W.I.T., CN=kobaltwit.homelinux.com]===192.168.0.2/32
>
> Are you NATing 81.83.108.106/32 to 192.168.2.2?
Well, the firewall on that side does port forwarding from 81.83.108.106 to
192.168.2.2, so I presume it's NATing this. This firewall is not a Linux box,
but a 'cheap' hub with firewall built-in, so I don't have much insight on
what happens under the hood.

> If so, do you have that range in virtual_private on the server side?
No. As I understood, this shouldn't be?

Anyway here's the server's config setup section:
config setup
        interfaces=%defaultroute
        nat_traversal=yes
        virtual_private=%v4:192.168.0.0/24


Geert
-- 
Kobalt W.I.T.
Web & Information Technology
Brusselsesteenweg 152
1850 Grimbergen

Tel  : +32 479 339 655
Email: info at kobaltwit.be
