[Openswan Users] nat problem

Nicolelli Federico nico at tcpsas.com
Thu Oct 19 11:36:13 EDT 2006


Hi all,
I have some problems with a Windows roadwarrior behind a firewall.
This is my ipsec.conf:


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/16
        interfaces="ipsec0=eth0 ipsec1=eth1"

conn l2tp-X.509
        authby=rsasig
        pfs=no
        auto=add
        rekey=no
        left=62.123.146.14
        leftrsasigkey=%cert
        leftcert="omnia.nicolan.com.pem"
        leftca="cacert.pem"
        leftprotoport=17/1701
        #
        right=%any
        rightca="cacert.pem"
        rightid="C=IT, ST=Torino, L=.....etc etc etc...."
        rightrsasigkey=%cert
        rightprotoport=17/1701
        rightsubnet=vhost:%priv,%no
        #ike=aes128-sha,aes128-md5!
        #esp=aes128-sha1,aes128-md5!

include /etc/ipsec.d/examples/no_oe.conf

And this is my log report:

Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: ignoring Vendor ID payload [FRAGMENTATION]
Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: responding to Main Mode from unknown peer 85.18.80.194
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: STATE_MAIN_R1: sent MR1, expecting MI2
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: STATE_MAIN_R2: sent MR2, expecting MI3
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Torino, L=Montanaro, O=nicolan, CN=notebook'
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: no crl from issuer "C=IT, ST=Italy, L=Montanaro, O=nicolan, CN=nicolan, E=nico at nicolan.com" found (strict=no)



Thanks