[Openswan Users] nat problem

Paul Wouters paul at xelerance.com
Thu Oct 19 13:20:52 EDT 2006


On Thu, 19 Oct 2006, Nicolelli Federico wrote:

> config setup
>         nat_traversal=yes
>         virtual_private=%v4:10.0.0.0/16
>         interfaces="ipsec0=eth0 ipsec1=eth1"

Ok. Is the client connecting on the 10.0.0.0/16 range behind the NAT router?

> conn l2tp-X.509
>         authby=rsasig
>         pfs=no
>         auto=add
>         rekey=no
>         left=62.123.146.14
>         leftrsasigkey=%cert
>         leftcert="omnia.nicolan.com.pem"
>         leftca="cacert.pem"
>         leftprotoport=17/1701
>         #
>         right=%any
>         rightca="cacert.pem"
>         rightid="C=IT, ST=Torino, L=.....etc etc etc...."
>         rightrsasigkey=%cert
>         rightprotoport=17/1701
>         rightsubnet=vhost:%priv,%no
>         #ike=aes128-sha,aes128-md5!
>         #esp=aes128-sha1,aes128-md5!
> include /etc/ipsec.d/examples/no_oe.conf

Ok

> and this is my log report:
>
> Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: ignoring Vendor ID
> payload [MS NT5 ISAKMPOAKLEY 00000004]
> Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: ignoring Vendor ID
> payload [FRAGMENTATION]
> Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: received Vendor ID
> payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
> Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: ignoring Vendor ID
> payload [Vid-Initial-Contact]
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: responding to
> Main Mode from unknown peer 85.18.80.194
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: transition from
> state STATE_MAIN_R0 to state STATE_MAIN_R1
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: STATE_MAIN_R1:
> sent MR1, expecting MI2
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: NAT-Traversal:
> Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: transition from
> state STATE_MAIN_R1 to state STATE_MAIN_R2
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: STATE_MAIN_R2:
> sent MR2, expecting MI3
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: Main mode peer
> ID is ID_DER_ASN1_DN: 'C=IT, ST=Torino, L=Montanaro, O=nicolan, CN=notebook'
> Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: no crl from
> issuer "C=IT, ST=Italy, L=Montanaro, O=nicolan, CN=nicolan, E=nico at nicolan.com"
> found (strict=no)

There should be more errors or success messages after this?

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
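
Added example, not part of the original message or of Openswan: a small Python triage script that reads pluto syslog lines in the format quoted above and reports, per exchange, the last Main Mode state reached and whether NAT was detected. The sample input is a subset of the quoted log with the mail line-wrapping removed; the function name `summarize` is hypothetical, and it assumes a responder's Main Mode is complete only once it reaches STATE_MAIN_R3.

```python
import re

# Sample input: a subset of the log quoted above, unwrapped onto single lines.
SAMPLE_LOG = """\
Oct 19 17:27:52 omnia pluto[641]: packet from 85.18.80.194:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] method set to=106
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: responding to Main Mode from unknown peer 85.18.80.194
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Oct 19 17:27:52 omnia pluto[641]: "l2tp-X.509"[1] 85.18.80.194 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=IT, ST=Torino, L=Montanaro, O=nicolan, CN=notebook'
"""

# Matches: "conn"[instance] peer-ip #state-number: message
STATE_LINE = re.compile(
    r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
TRANSITION = re.compile(r'transition from state (\S+) to state (\S+)')


def summarize(log_text):
    """Return {(conn, peer, state_no): summary} for each exchange in the log."""
    out = {}
    for line in log_text.splitlines():
        m = STATE_LINE.search(line)
        if not m:
            continue  # e.g. Vendor ID lines, which carry no state number
        key = (m["conn"], m["peer"], int(m["sa"]))
        s = out.setdefault(key, {"last_state": None, "natted": False,
                                 "peer_id": None, "last_msg": None})
        msg = m["msg"]
        s["last_msg"] = msg
        t = TRANSITION.search(msg)
        if t:
            s["last_state"] = t.group(2)
        if "peer is NATed" in msg:
            s["natted"] = True
        if msg.startswith("Main mode peer ID is"):
            s["peer_id"] = msg.split(": ", 1)[1].strip("'")
    for s in out.values():
        # Assumption: responder Main Mode is finished only at STATE_MAIN_R3.
        s["phase1_done"] = s["last_state"] == "STATE_MAIN_R3"
    return out


if __name__ == "__main__":
    for key, summary in summarize(SAMPLE_LOG).items():
        print(key, summary)
```

An exchange that ends with `phase1_done` false and no later error line is the situation the reply asks about: the log excerpt stops before the outcome of the negotiation is recorded.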

