[Openswan Users] NAT problems
Paul Wouters
paul at xelerance.com
Thu Jan 12 02:31:31 CET 2006
On Wed, 11 Jan 2006, Geert Janssens wrote:
> > > "kobaltwit-to-auxima"[1] 84.195.167.62:4500 #1: cannot respond to IPsec
> > > SA request because no connection is known for
> > > 81.83.108.106/32===192.168.2.2:4500[C=BE, L=Grimbergen, O=Kobalt W.I.T.,
> > > CN=auxima.homeip.net]...84.195.167.62:4500[C=BE, L=Grimbergen, O=Kobalt
> > > W.I.T., CN=kobaltwit.homelinux.com]===192.168.0.2/32
> >
> > Are you NATing 81.83.108.106/32 to 192.168.2.2 ?
> Well, the firewall on that side does port forwarding from 81.83.108.106 to
> 192.168.2.2, so I presume it's NATing this. This firewall is not a linux box,
> but a 'cheap' hub with firewall built-in, so I don't have much insight on
> what happens under the hood.
hmm, yes that sort of qualifies at nat.
> > If so, do you have that range in virtual_private on the server side?
> No. As I understood, this shouldn't be ?
Your problem is that you're changing IP's on both ends.
> Anyway here's the server's config setup section:
> config setup
> interfaces=%defaultroute
> nat_traversal=yes
> virtual_private=%v4:192.168.0.0/24
I believe you need a patch for this kind of situation. It might be pending in
our bugracker or jacco might have a pointer to it.
Paul
More information about the Users
mailing list