[Openswan Users] safenet + openswan

Paul Wouters paul at xelerance.com
Wed Sep 13 12:37:03 EDT 2006


On Wed, 13 Sep 2006, Luca Andreoli wrote:

> Subject: [Openswan Users] safenet + openswan
>
> i try to do a vpn connection in T-NAT
>
> but the /var/log/secure

> Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3:
> NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
> Sep 13 17:20:45 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3:
> transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Sep 13 17:21:55 mantofw pluto[12859]: "vpn-laptop"[3] 83.103.71.142 #3:
> max number of retransmissions (2) reached STATE_MAIN_R2

The other end is silently dropping your connection, so this is probably
some misconfiguration of the two ends.

>         plutoload=%search
>         plutostart=%search

And this shows you are suing openswan-1, which has reached EOL 9 months ago.
Upgrade to openswan-2.

>         nat_traversal=yes
>         # RFC1918 networks
>         #virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,!%v4:192.4.0.0/24

That last bit should be %v4:!192.4.0.0/24

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list