[Openswan Users] Problem nat traversal
Cristhian Nunez
cnunez at onemax.com
Thu Jan 3 09:27:09 EST 2008
I did your recomendations and i still have the problem. The firewall is
working well. For test, i disabled it and the problem continued.
it looks like this now
version 2.0
config setup
plutodebug="control parsing"
nat_traversal=yes
nhelpers=0
conn casa-onemax
left=192.168.1.40
leftid=1.2.3.4
leftnexthop=192.168.1.100 (internal default gw)
leftsubnet=192.168.1.0/24
leftrsasigkey=....nh7NasAXjnYDe7i/HgSnWe+P4nF
right=5.6.7.8
rightnexthop=8.7.6.5 (default gw)
rightsubnet=172.18.0.0/21
rightrsasigkey=....f8HSmVcdtGkaoSxaxLFxPx8OeJT
auto=add
And the same error
packet from 1.2.3.4:500: initial
Main Mode message received on 5.6.7.8:500 but no connection has been
authorized
It seems that the conection 5.6.7.8 receive the package but it doesnt
know what to do.
thanks in advance,
Cris
Gbenga wrote:
> Hi,
>
> I cannot for sure pin point the issue with your configuration without the full config file and maybe your firewall output, but from the this line in your error msg, your conn definition is missing something.
>
> "Jan 3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: initial
> Main Mode message received on 5.6.7.8:500 but no connection has been
> authorized
> "
>
> 1.]Check that there to make sure what you have between conn casa-onemax is a tab or at least a space.
> 2.] Remove the "#rightid=5.6.7.8" to the end of the conn definition. I sometimes has problem with it
>
> Other than that it looks fine to me. Anyone with comment?
>
> Rgds,
> Gbenga
>
> ----- Original Message ----
> From: Cristhian Nunez <cnunez at onemax.com>
> To: users at openswan.org
> Sent: Thursday, 3 January, 2008 4:09:56 AM
> Subject: [Openswan Users] Problem nat traversal
>
> Hi list
>
> Im just setting up a openswan behind a nat. My configuration is the
> following:
>
> conn casa-onemax
> left=192.168.1.40
> leftid=1.2.3.4
> leftnexthop=192.168.1.100 (internal default gw)
> leftsubnet=192.168.1.0/24
> leftrsasigkey=....nh7NasAXjnYDe7i/HgSnWe+P4nF
> right=5.6.7.8
> rightnexthop=8.7.6.5 (default gw)
> rightsubnet=172.18.0.0/21
> #rightid=5.6.7.8
> rightrsasigkey=....f8HSmVcdtGkaoSxaxLFxPx8OeJT
> auto=add
>
> i follow this openswan configuration:
> http://wiki.openswan.org/index.php/Openswan/NatTraversal
>
> The problem is when i try to start the conection. i can stablish it.
> here the logs:
>
> Jan 3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but
> already using method 110
> Jan 3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: received
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Jan 3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: initial
> Main Mode message received on 5.6.7.8:500 but no connection has been
> authorized
> Jan 3 00:07:16 labrador pluto[7309]: | complete state transition with
> STF_IGNORE
>
> I dont know whats wrong...
>
> Any comments ???
>
> Thanks a lot
>
>
> Cris
>
>
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
>
> __________________________________________________________
> Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com
>
>
More information about the Users
mailing list