[Openswan Users] nat problem
Paul Wouters
paul at xelerance.com
Thu Oct 19 13:20:52 EDT 2006
On Thu, 19 Oct 2006, Nicolelli Federico wrote:
> config setup
>     nat_traversal=yes
>     virtual_private=%v4:10.0.0.0/16
>     interfaces="ipsec0=eth0 ipsec1=eth1"
Ok. Is the client connecting on the 10.0.0.0/16 range behind the NAT router?
> conn l2tp-X.509
>     authby=rsasig
>     pfs=no
>     auto=add
>     rekey=no
>     left=62.123.146.14
>     leftrsasigkey=%cert
>     leftcert="omnia.nicolan.com.pem"
>     leftca="cacert.pem"
>     leftprotoport=17/1701
>     #
>     right=%any
>     rightca="cacert.pem"
>     rightid="C=IT, ST=Torino, L=.....etc etc etc...."
>     rightrsasigkey=%cert
>     rightprotoport=17/1701
>     rightsubnet=vhost:%priv,%no
>     #ike=aes128-sha,aes128-md5!
>     #esp=aes128-sha1,aes128-md5!
> include /etc/ipsec.d/examples/no_oe.conf
Ok
> and this is my log report:
>
> Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
> Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: ignoring Vendor ID payload [FRAGMENTATION]
> Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: ignoring Vendor ID payload [Vid-Initial-Contact]
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: responding to Main Mode from unknown peer 85.18.80.194
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: STATE_MAIN_R1: sent MR1, expecting MI2
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: STATE_MAIN_R2: sent MR2, expecting MI3
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Torino, L=Montanaro, O=nicolan, CN=notebook'
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: no crl from issuer "C=IT, ST=Italy, L=Montanaro, O=nicolan, CN=nicolan, E=nico at nicolan.com" found (strict=no)
There should be more errors or success messages after this?
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155