[Openswan Users] VPN wxp-NAT-NAT-openswan

Paul Wouters paul at xelerance.com
Sun Sep 17 09:23:51 EDT 2006


On Sun, 17 Sep 2006, Miguel A Felipe wrote:

> I think "something" is going wrong with "something" :)
> I have now this error so I think the problem is the NAT of the protocol near
> the roadwarrior, has anyone had the same problem?
>
> This error is output with plutodebug=all
> Sep 17 09:22:09 cf01fw01 pluto[24009]: ERROR: asynchronous network error
> report on eth2 (sport=4500) for message to 80.1.1.1 port 4500, complainant
> 80.1.1.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not
> authenticated)]

"80.1.1.1" is not running ipsec or forwarding the ports or the machine it
forwards to is not running ipsec.
Another possibility is that you're somehow trying to connect from the l2tp
network to the l2tp network itself or something.

It's hard to diagnose things when IP addresses are mangled for anonymity.

Paul

> My ipsec.conf is right (I think):
>
> version 2.0     # conforms to second version of ipsec.conf specification
> config setup
>         nat_traversal=yes
>
>         virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:172.23.2.0/24
>         nhelpers=0
> conn L2TP-PSK-NAT
>         rightsubnet=vhost:%priv
>         also=L2TP-PSK-noNAT
>
> conn L2TP-PSK-noNAT
>         authby=secret
>         pfs=no
>         auto=add
>         keyingtries=3
>         rekey=no
>         type=transport
>         left=%defaultroute
>         leftsubnet=80.38.102.7/32
>         leftprotoport=17/1701
>         right=%any
>         rightprotoport=17/1701
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
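
An added example, not part of the original message or of Openswan: a small probe that reproduces the condition in the quoted log line (errno 111 triggered by ICMP type 3 code 3) against a gateway you administer. The function name `probe_udp` and its return labels are hypothetical; the payload is the one-octet NAT-keepalive from RFC 3948, which receivers discard.

```python
import socket
import sys

# RFC 3948 NAT-keepalive: a single 0xFF octet, silently ignored by the receiver.
NAT_KEEPALIVE = b"\xff"


def probe_udp(host, port=4500, timeout=2.0):
    """Classify a UDP port as 'refused', 'no-reply' or 'reply'.

    'refused'  : an ICMP port-unreachable (type 3 code 3) came back, the
                 same condition pluto logs as "Connection refused [errno 111".
                 Nothing is listening on that port at the answering host.
    'no-reply' : no ICMP error and no datagram within the timeout. Something
                 may be listening, or a filter drops the packet silently.
    'reply'    : a datagram came back.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on a UDP socket makes the kernel hand ICMP errors for
        # this destination back to the socket as ECONNREFUSED.
        s.connect((host, port))
        try:
            s.send(NAT_KEEPALIVE)
            s.recv(2048)
            return "reply"
        except ConnectionRefusedError:
            return "refused"
        except socket.timeout:
            return "no-reply"


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: probe.py <gateway> [port ...]")
    target = sys.argv[1]
    # Default to the IKE port and the NAT-T port seen in the log line.
    ports = [int(p) for p in sys.argv[2:]] or [500, 4500]
    for port in ports:
        print(f"{target} udp/{port}: {probe_udp(target, port)}")
```

A "no-reply" result does not prove that IPsec is running on the far side, only that nothing answered with port-unreachable.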
