[Openswan Users] Freeswan Query

Peter Njiiri pnjiiri at novell.ae
Thu May 17 19:58:09 EDT 2007


Hi,
My VPN Linux server is behind a Linux Gateway/NAT. 
 
VPN Server ----> Gateway (eth0-10.x.x.254/24 <-> eth1-70.x.x.x) <-----> Internet <----> roadwarrior
 
I've set up my /etc/ipsec.conf on the server as follows:
 
version 2.0
 
config setup
 nat_traversal=yes
 strictcrlpolicy=no
 virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24
 
conn %default
 
conn clear
 auto=ignore
 
conn private
 auto=ignore
 
conn packetdefault
 auto=ignore
 
conn clear-or-private
 auto=ignore
 
conn private-or-clear
 auto=ignore
 
conn block
 auto=ignore
 
conn OEself
 auto=ignore
 
conn roadwarrior-l2tp
 leftprotoport=17/0
 rightprotoport=17/1701
 also=roadwarrior
 
conn roadwarrior-l2tp-updatedwin
 leftprotoport=17/1701
 rightprotoport=17/1701
 also=roadwarrior
 
conn roadwarrior-all
 leftsubnet=0.0.0.0/0
 also=roadwarrior
 
conn L2TP-CERT
 # ...Existing parameters
 left=10.x.x.x
 leftnexthop=10.x.x.254
 rightsubnet=vhost:%no,%priv
 
conn roadwarrior
 authby=rsasig
 auto=add
 esp=aes,3des
 keyingtries=3
 left=%defaultroute
 leftcert=path/xxx_01.pem
 leftid="x.x.x.x"
 leftrsasigkey=%cert
 pfs=yes
 right=%any
 rightrsasigkey=%cert
 
 
Windows roadwarrior is as follows:
 
conn me_to_vpngateway
 pfs=yes
 auto=start
 network=auto
 left=%any
 right=DNSname (FQDN) of server
 rightca="xxxxx"
 
The routes have been set up on the gateway/router and VPN server.
So now the road warrior is trying to connect to the VPN gateway through
the gateway and it's failing. I've followed the links
http://www.natecarlson.com/linux/ipsec-x509-fs1.php,
http://www.jacco2.dds.nl/networking/openswan-l2tp.html#serverNATed
and http://www.jacco2.dds.nl/networking/win2000xp-openswan.html#SP2
(Windows registry addition) but no success. I receive Error 789 from
the Windows client. Certificates are fine, packets received on the
gateway/router are successful on port 500 but the VPN server doesn't
communicate. What should I do?? Please help!!!
 
Peter
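
Added example, not part of the original post: a small Python parser that resolves the also= includes in the server configuration above and reports which conns end up with auto= set, together with their effective parameters. SAMPLE is a trimmed, constructed copy of the posted sections; the function names are hypothetical, and the precedence rule (a conn's own keys win over included ones) is an assumption of this sketch.

```python
import re

# Constructed sample: trimmed copy of conn sections from the post above.
SAMPLE = """\
conn roadwarrior-l2tp
 leftprotoport=17/0
 rightprotoport=17/1701
 also=roadwarrior
conn L2TP-CERT
 left=10.x.x.x
 leftnexthop=10.x.x.254
conn roadwarrior
 auto=add
 left=%defaultroute
 right=%any
"""

def parse(text):
    """Return {conn_name: [(key, value), ...]} from ipsec.conf-style text."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"conn\s+(\S+)", line)
        if m:
            current = conns.setdefault(m.group(1), [])
        elif line[0].isspace() and current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current.append((key.strip(), value.strip()))
        else:
            current = None  # other section types, e.g. "config setup"
    return conns

def effective(conns, name, seen=()):
    """Resolve also= includes; a conn's own keys win over included ones."""
    if name in seen:
        raise ValueError("also= loop at " + name)
    merged = {} if seen else dict(conns.get("%default", []))
    for key, value in conns[name]:
        if key == "also":
            merged.update(effective(conns, value, seen + (name,)))
    merged.update((k, v) for k, v in conns[name] if k != "also")
    return merged

def loaded(conns):
    """Conns whose effective auto= is not ignore (the default)."""
    resolved = {n: effective(conns, n) for n in conns if n != "%default"}
    return {n: p for n, p in resolved.items() if p.get("auto", "ignore") != "ignore"}
```

On the sample, loaded(parse(SAMPLE)) returns roadwarrior-l2tp and roadwarrior, both with left=%defaultroute. The left and leftnexthop values in conn L2TP-CERT reach neither of them, since no section includes L2TP-CERT through also= and it has no auto= of its own.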

 