[Openswan Users] Problem nat traversal

Gbenga stjames08 at yahoo.co.uk
Thu Jan 3 08:37:07 EST 2008 

Hi,

I cannot for sure pin point the issue with your configuration without the full config file and maybe your firewall output, but from the this line in your error msg, your conn definition is missing something. 

"Jan  3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: initial 
Main Mode message received on 5.6.7.8:500 but no connection has been 
authorized
"

1.]Check that there to make sure what you have between conn casa-onemax is a tab or at least a space. 
2.] Remove the "#rightid=5.6.7.8" to the end of the conn definition. I sometimes has problem with it

Other than that it looks fine to me. Anyone with comment?

Rgds,
Gbenga

----- Original Message ----
From: Cristhian Nunez <cnunez at onemax.com>
To: users at openswan.org
Sent: Thursday, 3 January, 2008 4:09:56 AM
Subject: [Openswan Users] Problem nat traversal

Hi list

Im just setting up a openswan behind a nat. My configuration is the 
following:

conn casa-onemax
        left=192.168.1.40
        leftid=1.2.3.4
        leftnexthop=192.168.1.100 (internal default gw)
        leftsubnet=192.168.1.0/24
        leftrsasigkey=....nh7NasAXjnYDe7i/HgSnWe+P4nF
        right=5.6.7.8
        rightnexthop=8.7.6.5 (default gw)
        rightsubnet=172.18.0.0/21
        #rightid=5.6.7.8
        rightrsasigkey=....f8HSmVcdtGkaoSxaxLFxPx8OeJT
        auto=add

i follow this openswan configuration:
http://wiki.openswan.org/index.php/Openswan/NatTraversal

The problem is when i try to start the conection. i can stablish it. 
here the logs:

Jan  3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: received 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but 
already using method 110
Jan  3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: received 
Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
Jan  3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: initial 
Main Mode message received on 5.6.7.8:500 but no connection has been 
authorized
Jan  3 00:07:16 labrador pluto[7309]: | complete state transition with 
STF_IGNORE

I dont know whats wrong...

Any comments ???

Thanks a lot


Cris



_______________________________________________
Users at openswan.org
http://lists.openswan.org/mailman/listinfo/users
Building and Integrating Virtual Private Networks with Openswan: 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


      __________________________________________________________
Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com

More information about the Users mailing list