[Openswan Users] VPN wxp-NAT-NAT-openswan
Miguel A Felipe Rodríguez
michel at claudiofelipe.com
Mon Sep 18 10:53:38 EDT 2006
Will there be any problem if my roadwarrior network is the same as
the VPN Server's, but in two different places?
Paul Wouters wrote:
> On Sun, 17 Sep 2006, Miguel A Felipe wrote:
>
>
>> I think "something" is going wrong with "something" :)
>> I have now this error so I think the problem is the NAT of the protocol near
>> the roadwarrior, has anyone had the same problem?
>>
>> This error is output with plutodebug=all
>> Sep 17 09:22:09 cf01fw01 pluto[24009]: ERROR: asynchronous network error
>> report on eth2 (sport=4500) for message to 80.1.1.1 port 4500, complainant
>> 80.1.1.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not
>> authenticated)]
>>
>
> "80.1.1.1" is not running ipsec or forwarding the ports or the machine it
> forwards to is not running ipsec.
> Another possibility is that you're somehow trying to connect from the l2tp
> network to the l2tp network itself or something.
>
> It's hard to diagnose things when IP addresses are mangled for anonymity.
>
> Paul
>
>
>> My ipsec.conf is right (I think):
>>
>> version 2.0 # conforms to second version of ipsec.conf specification
>>
>> config setup
>>     nat_traversal=yes
>>     virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:172.23.2.0/24
>>     nhelpers=0
>>
>> conn L2TP-PSK-NAT
>>     rightsubnet=vhost:%priv
>>     also=L2TP-PSK-noNAT
>>
>> conn L2TP-PSK-noNAT
>>     authby=secret
>>     pfs=no
>>     auto=add
>>     keyingtries=3
>>     rekey=no
>>     type=transport
>>     left=%defaultroute
>>     leftsubnet=80.38.102.7/32
>>     leftprotoport=17/1701
>>     right=%any
>>     rightprotoport=17/1701
>
>
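An added example, not part of the original thread: a small Python triage of the pluto "asynchronous network error report" line quoted above, decoding the errno and ICMP type/code into the condition Paul describes. The names `triage`, `LINE_RE`, `UNREACH` and `IKE_PORTS` are my own, and the sample is the log line from the post with the mail line wraps removed.

```python
import re

# Log line quoted in the post above, with the mail line wraps removed.
SAMPLE = ("Sep 17 09:22:09 cf01fw01 pluto[24009]: ERROR: asynchronous network error "
          "report on eth2 (sport=4500) for message to 80.1.1.1 port 4500, complainant "
          "80.1.1.1: Connection refused [errno 111, origin ICMP type 3 code 3 (not "
          "authenticated)]")

LINE_RE = re.compile(
    r"asynchronous network error report on (?P<iface>\S+) \(sport=(?P<sport>\d+)\) "
    r"for message to (?P<dst>\S+) port (?P<dport>\d+), complainant (?P<complainant>\S+): "
    r"(?P<text>.*?) \[errno (?P<errno>\d+), "
    r"origin ICMP type (?P<icmp_type>\d+) code (?P<icmp_code>\d+)"
)

# ICMP destination-unreachable (type 3) codes, per RFC 792 / RFC 1812.
UNREACH = {0: "network unreachable", 1: "host unreachable",
           2: "protocol unreachable", 3: "port unreachable",
           13: "administratively prohibited"}
IKE_PORTS = {500: "IKE", 4500: "IKE/ESP NAT-T"}


def triage(line):
    """Parse one pluto error report; return its fields plus a hint, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    r = {k: (int(v) if v.isdigit() else v) for k, v in m.groupdict().items()}
    r["service"] = IKE_PORTS.get(r["dport"], "unknown")
    # True when the ICMP error came from the address pluto was talking to.
    r["from_destination"] = r["complainant"] == r["dst"]
    if r["icmp_type"] == 3:
        r["reason"] = UNREACH.get(r["icmp_code"], "unreachable (other code)")
    else:
        r["reason"] = "ICMP type %d" % r["icmp_type"]
    if (r["icmp_type"], r["icmp_code"]) == (3, 3):
        r["hint"] = ("nothing is listening on UDP %d at %s, or its port forward "
                     "leads to a host with no listener" % (r["dport"], r["dst"]))
    else:
        r["hint"] = "check routing and filtering between the peers"
    return r


if __name__ == "__main__":
    for key, value in sorted(triage(SAMPLE).items()):
        print("%-16s %s" % (key, value))
```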