[Openswan Users] problem with vpn between openswan and zyxel

Paul Wouters paul at xelerance.com
Sun Dec 9 16:30:35 EST 2007


On Sun, 9 Dec 2007, Davide Pasini wrote:

> 192.168.2.0/24===192.168.2.9(OpenswanGateway)---192.168.2.1(routerLANIP)/151.xx.yy.zz(routerWANIP).........151.kk.ll.mm(routerZyxelVPNWANIP)/192.168.1.1(routerZyxelVPNLANIP)===192.168.1.0/24
>
> The Openswan gateway talks with router zyxel but plutostderrlog says:
>
> Plutorun started on Sun Dec 9 09:00:26 CET 2007
> Starting Pluto (Openswan Version 2.4.6 X.509-1.5.4 LDAP_V3
> PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OElLO]RdWNRD)
> Setting NAT-Traversal port-4500 floating to off
>    port floating activation criteria nat_t=0/port_fload=1
>   including NAT-Traversal patch (Version 0.6c) [disabled]

You need NAT-T, but did not properly enable it. Since you are using openswan
2.4.6, it might be that your virtual_private= line in config setup was
rejected due to a bad entry. Also be sure to have nat_traversal=yes,
and the appropriate rightsubnet=vhost:%priv,%no in your conn section.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
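
The checks suggested in the reply above, as an added example that is not part of the original message or of Openswan: it looks for the disabled NAT-T banner in plutostderrlog and inspects an ipsec.conf for the three settings Paul names. The ipsec.conf sample, the conn name and the function names are constructed, and the `%v4:`/`%v6:` entry syntax for `virtual_private=` is assumed.

```python
import ipaddress
import re

# Log lines quoted in the post; the ipsec.conf text and conn name are constructed.
SAMPLE_LOG = (
    "Setting NAT-Traversal port-4500 floating to off\n"
    "   port floating activation criteria nat_t=0/port_fload=1\n"
    "  including NAT-Traversal patch (Version 0.6c) [disabled]\n"
)
SAMPLE_CONF = (
    "config setup\n"
    "    nat_traversal=yes\n"
    "    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,v4:172.16.0.0/12\n"
    "conn zyxel\n"
    "    rightsubnet=vhost:%priv,%no\n"
)

def nat_t_disabled(log_text):
    """True if pluto's startup banner reports the NAT-T patch as disabled."""
    return any("NAT-Traversal patch" in line and "[disabled]" in line
               for line in log_text.splitlines())

def bad_virtual_private(value):
    """Return the entries that are not of the form %v4:[!]net/mask or %v6:[!]net/mask."""
    bad = []
    for entry in (e.strip() for e in value.split(",")):
        m = re.fullmatch(r"%v([46]):!?(\S+/\d+)", entry)
        try:
            ok = bool(m) and ipaddress.ip_network(m.group(2), strict=False).version == int(m.group(1))
        except ValueError:
            ok = False
        if not ok:
            bad.append(entry)
    return bad

def check_conf(conf_text):
    """Findings for the three settings named in the reply (sections are not tracked)."""
    opts = {}
    for line in conf_text.splitlines():
        key, sep, val = line.split("#", 1)[0].partition("=")
        if sep:
            opts[key.strip()] = val.strip().strip('"')
    findings = []
    if opts.get("nat_traversal") != "yes":
        findings.append("nat_traversal=yes is not set")
    findings += ["bad virtual_private entry: " + repr(e)
                 for e in bad_virtual_private(opts.get("virtual_private", ""))]
    if not opts.get("rightsubnet", "").startswith("vhost:"):
        findings.append("rightsubnet= is not a vhost: entry")
    return findings
```

On the constructed sample, `check_conf` flags the third `virtual_private` entry, which is missing its leading `%`.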

