[Openswan Users] about "virtual_private"
kelvin
kanava88 at gmail.com
Tue Feb 26 21:51:28 EST 2008
my topology is like this:
(vpnclient)172.16.0.100-------(172.16.0.33 nat device 10.9.99.33)====10.9.99.200(vpn server)
my vpnclient configuration:
config setup
    nat_traversal=yes
    plutowait=yes

conn %default
    leftrsasigkey=%cert
    rightrsasigkey=%cert

include /etc/ipsec.d/examples/no_oe.conf

conn nat-client
    left=172.16.0.100
    right=10.9.99.200
    auto=add
    authby=secret
my vpn server configuration:
config setup
    nat_traversal=yes
    virtual_private=%4:172.16.0.0/16
    plutowait=yes

conn %default
    leftrsasigkey=%cert
    rightrsasigkey=%cert

include /etc/ipsec.d/examples/no_oe.conf

conn nat-server
    left=10.9.99.200
    right=%any
    rightsubnet=vhost:%priv
    #rightsubnet=172.16.0.100/32
    authby=secret
    auto=add
Now when I start the vpn server and the vpn client, when they do quick mode I get an error log message:
"May 17 02:41:33 slesvmserver88 pluto[25760]: "nat-server"[2] 10.9.99.33 #1:
cannot respond to IPsec SA request because no connection is known for
10.9.99.200...10.9.99.33[172.16.0.100]===172.16.0.100/32"
So then I modified my server configuration like this:
conn nat-server
    left=10.9.99.200
    right=%any
    #rightsubnet=vhost:%priv
    rightsubnet=172.16.0.100/32
    authby=secret
    auto=add
Then the vpn client can make an ipsec connection to the vpn server successfully, but why can't I make it successfully with the first configuration? Why?