[Openswan Users] safenet + openswan
Paul Wouters
paul at xelerance.com
Wed Sep 13 12:37:03 EDT 2006
On Wed, 13 Sep 2006, Luca Andreoli wrote:
> Subject: [Openswan Users] safenet + openswan
>
> i try to do a vpn connection in T-NAT
>
> but the /var/log/secure
> Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3:
> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
> Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3:
> transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Sep 13 17:21:55 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3:
> max number of retransmissions (2) reached STATE_MAIN_R2
The other end is silently dropping your connection, so this is probably
some misconfiguration of the two ends.
> plutoload=%search
> plutostart=%search
And this shows you are suing openswan-1, which has reached EOL 9 months ago.
Upgrade to openswan-2.
> nat_traversal=yes
> # RFC1918 networks
> #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,!%v4:192.4.0.0/24
That last bit should be %v4:!192.4.0.0/24
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list