[Openswan Users] [help ] starting with openswan..
Antonio Silva
asilva at wirelessmundi.com
Thu Sep 13 04:58:10 EDT 2007
Hi,
I'm trying to use openswan on my computer; I'm using Debian etch. My
kernel version is 2.6.21.
I'm testing some configurations that I found by "googling it", and I can't get
any of them working... I tried first with ipsec - netkeys, which comes in
the kernel... nothing... Now I'm trying with klips; it's better, I was
able to start something... but I have errors. For example, I can't
get my kernel to work with the natt, and I have this error:
"bli" #2: IDci was FQDN: Y\004\207\001, using NAT_OA=0.0.0.0/32 as IDci
Sep 12 18:19:49 marces pluto[9470]: "bli" #2: the peer proposed: 89.4.135.1/32:17/1701 -> 0.0.0.0/32:17/1701
Sep 12 18:19:49 marces pluto[9470]: "bli" #2: cannot respond to IPsec SA request because no connection is known for 89.4.135.1/32===192.168.50.2<192.168.50.2>:17/1701...89.4.135.2<89.4.135.2>:17/1701===?
I think it is because of natt... (but I don't know).
So I'm asking: should I use netkeys or klips??
If netkeys, can you show me a good "how to..."?
If it is klips, how can I get a good patch for my kernel...?
By the way, this is what I'm trying to implement:
win(89.4.135.2/24)---(internet)-----(89.4.135.1/24)router(192.168.50.1/24)-------(lan)------(192.168.50.2/24)(linux/openswan)
My ipsec.conf:

version 2.0

config setup
    plutodebug=control
    nat_traversal=yes
    interfaces="ipsec0=eth0"
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn bli
    authby=secret
    pfs=no
    left=192.168.50.2
    leftnexthop=192.168.50.1
    leftprotoport=17/1701
    right=89.4.135.2
    rightprotoport=17/1701
    auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

Thanks for the help.