[Openswan Users] NAT problems

Paul Wouters paul at xelerance.com
Thu Jan 12 02:31:31 CET 2006

On Wed, 11 Jan 2006, Geert Janssens wrote:

> > > "kobaltwit-to-auxima"[1] #1: cannot respond to IPsec
> > > SA request because no connection is known for
> > >[C=BE, L=Grimbergen, O=Kobalt W.I.T.,
> > > CN=auxima.homeip.net]...[C=BE, L=Grimbergen, O=Kobalt
> > > W.I.T., CN=kobaltwit.homelinux.com]===
> >
> > Are you NATing to ?
> Well, the firewall on that side does port forwarding from to
>, so I presume it's NATing this. This firewall is not a linux box,
> but a 'cheap' hub with firewall built-in, so I don't have much insight on
> what happens under the hood.

hmm, yes that sort of qualifies at nat.

> > If so, do you have that range in virtual_private on the server side?
> No. As I understood, this shouldn't be ?

Your problem is that you're changing IP's on both ends.

> Anyway here's the server's config setup section:
> config setup
>         interfaces=%defaultroute
>         nat_traversal=yes
>         virtual_private=%v4:

I believe you need a patch for this kind of situation. It might be pending in
our bugracker or jacco might have a pointer to it.


More information about the Users mailing list