[Openswan Users] Problem nat traversal

Cristhian Nunez cnunez at onemax.com
Thu Jan 3 09:26:38 EST 2008


I followed your recommendations and I still have the problem. The firewall is 
working well. As a test, I disabled it and the problem continued.
It looks like this now:

version 2.0
config setup
plutodebug="control parsing"
nat_traversal=yes
nhelpers=0

conn 	casa-onemax
         left=192.168.1.40
         leftid=1.2.3.4
         leftnexthop=192.168.1.100 (internal default gw)
         leftsubnet=192.168.1.0/24
         leftrsasigkey=....nh7NasAXjnYDe7i/HgSnWe+P4nF
         right=5.6.7.8
         rightnexthop=8.7.6.5 (default gw)
         rightsubnet=172.18.0.0/21
         rightrsasigkey=....f8HSmVcdtGkaoSxaxLFxPx8OeJT
         auto=add

And the same error

packet from 1.2.3.4:500: initial
Main Mode message received on 5.6.7.8:500 but no connection has been
authorized

It seems that the connection 5.6.7.8 receives the package but it doesn't 
know what to do.

thanks in advance,

Cris


Gbenga wrote:
> Hi,
> 
> I cannot pinpoint for sure the issue with your configuration without the full config file and maybe your firewall output, but from this line in your error msg, your conn definition is missing something. 
> 
> "Jan  3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: initial 
> Main Mode message received on 5.6.7.8:500 but no connection has been 
> authorized
> "
> 
> 1.] Check to make sure that what you have between conn casa-onemax is a tab or at least a space. 
> 2.] Remove the "#rightid=5.6.7.8" to the end of the conn definition. I sometimes have problems with it.
> 
> Other than that it looks fine to me. Anyone with comment?
> 
> Rgds,
> Gbenga
> 
> ----- Original Message ----
> From: Cristhian Nunez <cnunez at onemax.com>
> To: users at openswan.org
> Sent: Thursday, 3 January, 2008 4:09:56 AM
> Subject: [Openswan Users] Problem nat traversal
> 
> Hi list
> 
> I'm just setting up an openswan behind a NAT. My configuration is the 
> following:
> 
> conn casa-onemax
>         left=192.168.1.40
>         leftid=1.2.3.4
>         leftnexthop=192.168.1.100 (internal default gw)
>         leftsubnet=192.168.1.0/24
>         leftrsasigkey=....nh7NasAXjnYDe7i/HgSnWe+P4nF
>         right=5.6.7.8
>         rightnexthop=8.7.6.5 (default gw)
>         rightsubnet=172.18.0.0/21
>         #rightid=5.6.7.8
>         rightrsasigkey=....f8HSmVcdtGkaoSxaxLFxPx8OeJT
>         auto=add
> 
> I follow this openswan configuration:
> http://wiki.openswan.org/index.php/Openswan/NatTraversal
> 
> The problem is when I try to start the connection. I can establish it. 
> Here are the logs:
> 
> Jan  3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: received 
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but 
> already using method 110
> Jan  3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: received 
> Vendor ID payload [draft-ietf-ipsec-nat-t-ike-00]
> Jan  3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: initial 
> Main Mode message received on 5.6.7.8:500 but no connection has been 
> authorized
> Jan  3 00:07:16 labrador pluto[7309]: | complete state transition with 
> STF_IGNORE
> 
> I don't know what's wrong...
> 
> Any comments ???
> 
> Thanks a lot
> 
> 
> Cris
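Added example, not part of the original thread and not Openswan code: pluto logs "no connection has been authorized" when no loaded conn pairs the address it received the packet on with the packet's source address (or `%any`), so this Python check compares the conn quoted in the thread against the quoted log line. The conn text (key lines omitted) and the log line are taken from the thread as sample input; the function names are hypothetical.

```python
import re

# Sample input built from the thread: the conn block (rsasigkey lines omitted)
# and the log line written by pluto on the responder.
CONN = """\
conn casa-onemax
        left=192.168.1.40
        leftid=1.2.3.4
        leftnexthop=192.168.1.100 (internal default gw)
        leftsubnet=192.168.1.0/24
        right=5.6.7.8
        rightsubnet=172.18.0.0/21
        #rightid=5.6.7.8
        auto=add
"""
LOG = ("Jan  3 00:07:15 labrador pluto[7309]: packet from 1.2.3.4:500: initial "
       "Main Mode message received on 5.6.7.8:500 but no connection has been "
       "authorized")

LOG_RE = re.compile(r"packet from (\S+):\d+: initial Main Mode message "
                    r"received on (\S+):\d+ but no connection has been authorized")

def parse_conn(text):
    """Return {key: value} for one conn section, skipping commented-out lines."""
    params = {}
    for line in text.splitlines()[1:]:
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            # Keep only the first token, dropping notes like "(default gw)".
            params[key.strip()] = (value.split() or [""])[0]
    return params

def parse_log(line):
    """Return (peer_ip, local_ip) from the 'no connection' message, or None."""
    m = LOG_RE.search(line)
    return (m.group(1), m.group(2)) if m else None

def conn_matches(params, peer_ip, local_ip):
    """True if one end is the local address and the other is the peer or %any."""
    ends = (params.get("left"), params.get("right"))
    for me, them in (ends, ends[::-1]):
        if me == local_ip and them in (peer_ip, "%any"):
            return True
    return False

if __name__ == "__main__":
    peer, local = parse_log(LOG)
    print(peer, local, conn_matches(parse_conn(CONN), peer, local))
```

With the thread's values the check returns False: the responder sees the packet arrive from 1.2.3.4, while the conn's `left` is the private address 192.168.1.40.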