[Openswan Users] NAT-T

Oliver Tomkins oliver.tomkins at alliedvehicles.co.uk
Fri Mar 24 16:27:26 CET 2006


> I assumed you were talking about running tcpdump on your vpn server, not on
> your router.

So I'm less confused now!

>> Also I see this in /var/log/secure
>>
>> ERROR: asynchronous network error report on eth0 (sport=500) for message to
>> (client IP) port 4500, complainant (gateway): Connection refused [errno 111,
>> origin ICMP type 3 code 3 (not authenticated)]
> 
> Seems there is some confusion about ports. Are you forwarding both port 500 and
> 4500? Does the IPsec SA Established message show a NATD= entry with a port?

I'm a little unsure of what you mean by forwarding both ports?

NATD is as follows:

pluto[2132]: "note"[1] XX.XXX.XXX.XX #6: STATE_QUICK_R2: IPsec SA established {ESP=>0x60b11015 <0xeb54ec4a xfrm=3DES_0-HMAC_MD5 NATD=XX.XX.XX.XX:4500 DPD=none}

Thanks,

Olly.
