[Openswan Users] Problem with NAT traversal:cannot respond to IPsec SA request because no connection is known for
ruifeng yang
yrffren at gmail.com
Mon Dec 29 08:04:44 EST 2008
Hello all:
I am setting up a Linux VPN server with OpenSwan 2.4.7 (using the
2.6.9 kernel's netkey) and a VPN client running on a Linux system
(using a 2.6.9 kernel). The test went well when the server and the client
were in the same LAN.
However, when I put a NAT between the VPN server and the VPN client, I got the
following error (copied from /var/log/secure):
cannot respond to IPsec SA request because no connection is known for
192.168.1.0/24===192.168.0.22[C=ro, ST=roots, L=rootcity, O=rootorg,
OU=rootsection, CN=vpngateway, E=vpngateway at 163.com]
...192.168.0.1[C=ro, ST=roots, L=rootcity, O=rootorg, OU=rootsection,
CN=jimname, E=jim at 163.com]===192.168.3.33/32
It looks like the ISAKMP SA was established but the IPsec SA
could not be.
Has anybody experienced this before? What is wrong with my
configuration? My ipsec.conf is attached below:
The VPN server's ipsec.conf is:
version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.0.0/24
    nhelpers=0

conn %default
    compress=yes
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn road
    left=192.168.0.22
    leftcert=vpngateway.cert
    leftsubnet=192.168.1.0/24
    right=%any
    auto=add

include /etc/ipsec.d/examples/no_oe.conf
The VPN client's ipsec.conf is:
version 2.0

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:!192.168.0.0/24
    nhelpers=0

conn %default
    compress=yes
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn road
    left=192.168.3.33
    leftcert=jim.cert
    right=192.168.0.22
    rightcert=vpngateway.cert
    rightsubnet=192.168.1.0/24
    auto=add

include /etc/ipsec.d/examples/no_oe.conf
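
An added diagnostic sketch, not part of the original post and not Openswan code: it parses the error message and the virtual_private value quoted above to show which peer-side selector the rejected request carried. The function names are hypothetical, and the only behaviour assumed beyond the page is the documented ipsec.conf default that an omitted rightsubnet means right/32.

```python
import ipaddress
import re

# Constructed input: the message and virtual_private value quoted in the post.
LOG = ("cannot respond to IPsec SA request because no connection is known for "
       "192.168.1.0/24===192.168.0.22[C=ro, ST=roots, L=rootcity, O=rootorg, "
       "OU=rootsection, CN=vpngateway, E=vpngateway at 163.com]"
       "...192.168.0.1[C=ro, ST=roots, L=rootcity, O=rootorg, OU=rootsection, "
       "CN=jimname, E=jim at 163.com]===192.168.3.33/32")
VIRTUAL_PRIVATE = ("%v4:10.0.0.0/8,%v4:192.168.0.0/16,"
                   "%v4:172.16.0.0/12,%v4:!192.168.0.0/24")

# Layout on the page: local_net===local_ip[id]...peer_ip[id]===peer_net
SELECTOR = re.compile(
    r"known for\s+([\d./]+)===([\d.]+)\[.*?\]\s*\.\.\.\s*([\d.]+)\[.*?\]===([\d./]+)")

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) IPv4 networks."""
    allowed, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item.startswith("%v4:"):
            continue  # other address families are out of scope here
        net = item[4:]
        target = excluded if net.startswith("!") else allowed
        target.append(ipaddress.ip_network(net.lstrip("!")))
    return allowed, excluded

def diagnose(log, virtual_private):
    """Report the peer-side selector proposed in the rejected request."""
    m = SELECTOR.search(" ".join(log.split()))  # undo log line wrapping
    if not m:
        raise ValueError("not a 'no connection is known for' message")
    local_net, local_ip, peer_ip, peer_net = m.groups()
    peer_net = ipaddress.ip_network(peer_net)
    allowed, excluded = parse_virtual_private(virtual_private)
    return {
        "peer_ip": peer_ip,
        "peer_net": str(peer_net),
        # ipsec.conf default: an omitted rightsubnet means right/32.
        "matches_default_right32": peer_net == ipaddress.ip_network(peer_ip + "/32"),
        "in_virtual_private": any(peer_net.subnet_of(n) for n in allowed)
            and not any(peer_net.overlaps(n) for n in excluded),
    }

if __name__ == "__main__":
    print(diagnose(LOG, VIRTUAL_PRIVATE))
```

For the quoted message, the peer is seen at 192.168.0.1 but proposes 192.168.3.33/32, which is not the right/32 default, although it does fall inside the allowed virtual_private ranges.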