[Openswan Users] Stuck Connection

Tue Oct 10 12:58:48 EDT 2006

On Tue, 10 Oct 2006, Mark Olliver wrote:

> I presume you mean the following for the config:
> conn iecollo-ukoffice
>         left=81.17.242.10
>         leftsubnet=192.168.242.0/24
>         leftsourceip=192.168.242.254
>         right=212.159.53.154
>         rightsubnet=192.168.234.0/24
>         rightsourceip=192.168.234.1

Yes.

> You say the NAT will break the connection, surely as I am only NAT'ing eth0
> packets that are going directly out eth1 and not via ipsec then the ipsec
> packets should not be effected?

I meant, provided the *other* end does the same and not accidently NAT
the reply packets, so your end will those them away for not matching the
digital signatures.

> Yes I am using kernel 2.6.8 and ipsec 2.4.6 but I did not see any errors
> when building both built ok,as far as I know, would you suggest a different
> combination?

Oh, you wrote 2.6.18 before, not 2.6.8.

> The remote device is a snapgear cyberquard device running their latest
> kernel which runs some form of Pluto/klips I belive.

Ahh. so it should work yes. What does 'ipsec verify' say?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155