[Openswan Users] VPN wxp-NAT-NAT-openswan
Miguel A Felipe
michel at claudiofelipe.com
Sun Sep 17 12:35:31 EDT 2006
Yes, it's true, I will post the messages with the original IP addresses:
Roadwarrior----------Router1 ADSL(PPPOA NAT)----------Internet----------Router2 ADSL---------FW,NAT,VPNGW------Internal Lan
IP Roadwarrior: 192.168.0.2 WINXP
Router1 Internal: 192.168.0.1
Router1 external: DynamicIP This time 87.218.195.96
Router2 internal 192.168.1.1
FW,NAT,VPNGW External: 192.168.1.2 Linux, Debian, 2.6, openswan 2.4.6+dfsg-1,
FW+NAT PUBLIC ADDRESS (Site2 external 80.38.102.7) This is a fixed IP address
FW,NAT,VPNGW Internal: 172.23.2.1
Internal Lan: 172.23.2.0/28
So I want to enable a VPN from Roadwarrior to 80.38.102.7, which is natted to
the FW,NAT,VPNGW (the NAT is done on the same machine).
I post only the error because the log is repeated many times on each
connection; it's like it doesn't finish the first one because of the error, and
then it retries the same connection.
So the Error I have is:
Sep 17 15:32:04 cf01fw01 pluto[13664]: ERROR: asynchronous network error
report on eth2 (sport=500) for message to 87.218.195.96 port 500,
complainant 87.218.195.96: Connection refused [errno 111, origin ICMP type 3
code 3 (not authenticated)]
The config file is:
version 2.0	# conforms to second version of ipsec.conf specification

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:172.23.2.0/24
    nhelpers=0
    plutodebug=all

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport
    left=%defaultroute
    leftsubnet=80.38.102.7/32
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/1701

# sample VPN connections, see /etc/ipsec.d/examples/

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
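
Added example, not part of the original post: a small Python script that parses pluto "asynchronous network error report" lines like the one quoted above, decodes the ICMP type and code, and collapses the repeats into one row per destination. The sample lines are constructed from the message in the post (joined onto one line, with made-up timestamps), and the function names are this example's own.

```python
import re
from collections import Counter

# ICMP type 3 (destination unreachable) codes, per RFC 792 / RFC 1812.
UNREACH = {0: "network unreachable", 1: "host unreachable",
           2: "protocol unreachable", 3: "port unreachable",
           4: "fragmentation needed", 13: "administratively prohibited"}

LINE = re.compile(
    r"pluto\[\d+\]: ERROR: asynchronous network error report on (?P<iface>\S+) "
    r"\(sport=(?P<sport>\d+)\) for message to (?P<dst>\S+) port (?P<dport>\d+), "
    r"complainant (?P<complainant>[^:\s]+): (?P<reason>.+?) "
    r"\[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) code (?P<code>\d+)")

def parse(line):
    """Return the fields of one pluto error report, or None for other lines."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "errno", "type", "code"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Collapse repeated reports into one row per (destination, port, ICMP error)."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec:
            counts[(rec["dst"], rec["dport"], rec["complainant"],
                    rec["type"], rec["code"])] += 1
    rows = []
    for (dst, dport, complainant, itype, code), n in counts.most_common():
        meaning = (UNREACH.get(code, "unreachable, code %d" % code)
                   if itype == 3 else "ICMP type %d code %d" % (itype, code))
        rows.append({"dst": dst, "dport": dport, "count": n, "icmp": meaning,
                     # True: the ICMP error came from the address pluto sent to
                     "from_destination": complainant == dst})
    return rows

# Constructed sample: the message from the post joined onto one line and
# repeated with made-up timestamps, plus one unrelated constructed line.
MSG = ("cf01fw01 pluto[13664]: ERROR: asynchronous network error report on eth2 "
       "(sport=500) for message to 87.218.195.96 port 500, complainant "
       "87.218.195.96: Connection refused [errno 111, origin ICMP type 3 code 3 "
       "(not authenticated)]")
SAMPLE = ["Sep 17 15:32:%02d %s" % (s, MSG) for s in (4, 14, 34)]
SAMPLE.append("Sep 17 15:32:40 cf01fw01 pluto[13664]: constructed unrelated line")

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
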