[Openswan Users] about "virtual_private"

kelvin kanava88 at gmail.com
Tue Feb 26 21:51:28 EST 2008


My topology is like this:
(vpnclient)172.16.0.100-------(172.16.0.33 nat device 10.9.99.33)====10.9.99.200(vpn server)

My vpnclient configuration:

config setup
     nat_traversal=yes
    plutowait=yes

conn %default
    leftrsasigkey=%cert
    rightrsasigkey=%cert
include /etc/ipsec.d/examples/no_oe.conf

conn nat-client
                left=172.16.0.100
                right=10.9.99.200

                auto=add

               authby=secret


My vpn server configuration:

config setup
        nat_traversal=yes
        virtual_private=%4:172.16.0.0/16
         plutowait=yes

conn %default
        leftrsasigkey=%cert
        rightrsasigkey=%cert
include /etc/ipsec.d/examples/no_oe.conf

conn nat-server
               left=10.9.99.200
               right=%any
               rightsubnet=vhost:%priv
               #rightsubnet=172.16.0.100/32
               authby=secret
               auto=add

Now when I start the vpn server and the vpn client, when they do quick mode
I get an error log message:

"May 17 02:41:33 slesvmserver88 pluto[25760]: "nat-server"[2] 10.9.99.33 #1: cannot respond to IPsec SA request because no connection is known for 10.9.99.200...10.9.99.33[172.16.0.100]===172.16.0.100/32"

So then I modified my server configuration like this:

conn nat-server
               left=10.9.99.200
               right=%any
               #rightsubnet=vhost:%priv
               rightsubnet=172.16.0.100/32
               authby=secret
               auto=add

Then the vpn client can make an IPsec connection to the vpn server successfully, but
why can't I make it successfully with the first configuration? Why?
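An added example, not part of the original post and not Openswan's own code: a small Python model of how a virtual_private list decides whether a NATed client's inner address satisfies rightsubnet=vhost:%priv. It assumes the documented entry form %v4:net/mask or %v6:net/mask, with an optional ! marking an exclusion, and treats any other entry as rejected; the function names are hypothetical, and the values are the ones from the post.

```python
import ipaddress

# Values taken from the post above.
SERVER_AS_POSTED = "%4:172.16.0.0/16"
WITH_V4_PREFIX = "%v4:172.16.0.0/16"
CLIENT_INNER_IP = "172.16.0.100"


def parse_virtual_private(value):
    """Split a virtual_private value into (allowed, excluded, rejected).

    Assumption: an entry is valid only as %v4:[!]net/mask or %v6:[!]net/mask.
    """
    allowed, excluded, rejected = [], [], []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        prefix, _, net = entry.partition(":")
        version = {"%v4": 4, "%v6": 6}.get(prefix)
        negate = net.startswith("!")
        try:
            network = ipaddress.ip_network(net[1:] if negate else net)
        except ValueError:
            network = None
        if version is None or network is None or network.version != version:
            rejected.append(entry)      # unknown prefix or malformed network
        elif negate:
            excluded.append(network)    # "!" entries carve out exceptions
        else:
            allowed.append(network)
    return allowed, excluded, rejected


def vhost_priv_accepts(value, client_ip):
    """True if client_ip falls inside the allowed set and outside exclusions."""
    allowed, excluded, _ = parse_virtual_private(value)
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in excluded):
        return False
    return any(addr in net for net in allowed)


if __name__ == "__main__":
    for label, value in (("as posted", SERVER_AS_POSTED),
                         ("with %v4 prefix", WITH_V4_PREFIX)):
        _, _, rejected = parse_virtual_private(value)
        ok = vhost_priv_accepts(value, CLIENT_INNER_IP)
        print(f"{label}: rejected={rejected} vhost:%priv accepts client={ok}")
```

In this model the entry as posted is rejected, so the private list is empty and vhost:%priv has nothing to match 172.16.0.100/32 against, while an explicit rightsubnet=172.16.0.100/32 does not depend on the list at all.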