[Openswan Users] NAT-T & non-NAT clients

Oliver Tomkins oliver.tomkins at alliedvehicles.co.uk
Wed Mar 29 16:15:01 CEST 2006


> The example files for l2tpd in /etc/ipsec.d/examples should show this.
> 
> Use two separate connections. eg do not use rightsubnet=vhost:%no,%priv, but
> use one without rightsubnet, and one with rightsubnet=vhost:%priv .
> 

This hasn't worked for me.

The connection is identified correctly and an SA comes up but does not 
mention NAT:

ISAKMP SA established {auth=OAKLEY_RSA_SIG cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}

Then shortly afterwards:

cannot respond to IPsec SA request because no connection is known for

I'm also seeing fragmentation on the certificate exchange:

Mar 29 10:50:36 wrangler pluto[2132]: packet from XX.XX.XX.XX:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Mar 29 10:50:36 wrangler pluto[2132]: packet from XX.XX.XX.XX:500: ignoring Vendor ID payload [FRAGMENTATION]
