[Openswan Users] Server openswan/L2TP NATED
Flavian Dola
flavian.dola at fimm.net
Mon Jun 12 18:42:37 CEST 2006
Hi list,
Here is my problem.
I have this configuration:

        roadwarrior
        (dynamic IP)
             |
             |
          Internet
             |
             |
      123.123.123.123
           NATbox
       192.168.128.1
             |  (192.168.128.0/17)
             |
       192.168.128.2
         L2TP/IPSEC
        192.168.0.1
             |
             |
     LAN (192.168.0.0/17)

So, when I try to establish an L2TP connection I've got these logs:

pluto[25671]: "roadwarrior"[3] xxx.xxx.xxx.xxx #15: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
pluto[25671]: "roadwarrior"[3] xxx.xxx.xxx.xxx #15: cannot respond to IPsec SA request because no connection is known for 123.123.123.123/32===192.168.128.2:17/1701...xxx.xxx.xxx.xxx:17/1701

I use openswan-2.4.5rc4
Here is my ipsec.conf:

config setup
        interfaces="%defaultroute"
        nat_traversal=yes
        klipsdebug=none
        plutodebug=none
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/17,%v4:!192.168.128.0/17
        fragicmp=no

conn %default
        keyingtries=1
        compress=yes
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn roadwarrior
        left=192.168.128.2
        leftnexthop=192.168.128.1
        leftcert=cert.pem
        right=%any
        rightsubnet=vhost:%no,%priv
        auto=add
        pfs=yes

conn roadwarrior-l2tp
        leftprotoport=17/1701
        rightprotoport=17/1701
        rightca=%same
        pfs=no
        compress=no
        also=roadwarrior

conn roadwarrior-l2tp-oldwin
        leftprotoport=17/0
        rightprotoport=17/1701
        rightca=%same
        pfs=no
        compress=no
        also=roadwarrior

conn block
        auto=ignore

conn private
        auto=ignore

conn private-or-clear
        auto=ignore

conn clear-or-private
        auto=ignore

conn clear
        auto=ignore

conn packetdefault
        auto=ignore

Any help will be appreciated. Thanks