[Openswan Users] openswan on dedibox

Paul Wouters paul at xelerance.com
Wed Nov 12 17:18:35 EST 2008


On Wed, 12 Nov 2008, Reza Issany wrote:

> I've done these modificcations (v in %v4 and rightsubnet). Here are the logs :

> Nov 12 22:07:43 transchaines pluto[6298]: "roadwarrior-xp"[4] 82.229.55.165
> #2: peer proposal was reject in a virtual connection policy because:
> Nov 12 22:07:43 transchaines pluto[6298]: "roadwarrior-xp"[4] 82.229.55.165
> #2:   a private network virtual IP was required, but the proposed IP did not
> match our list (virtual_private=)
> Nov 12 22:07:43 transchaines pluto[6298]: "roadwarrior-xp"[4] 82.229.55.165
> #2: peer proposal was reject in a virtual connection policy because:
> Nov 12 22:07:43 transchaines pluto[6298]: "roadwarrior-xp"[4] 82.229.55.165
> #2:   a private network virtual IP was required, but the proposed IP did not
> match our list (virtual_private=)
> Nov 12 22:07:43 transchaines pluto[6298]: "roadwarrior-xp"[4] 82.229.55.165
> #2: cannot respond to IPsec SA request because no connection is known for
> 88.191.50.209<88.191.50.209>[+S=C]:17/1701...82.229.55.165[C=FR, ST=France,
> L=Var, O=Olympe CTI, OU=Ingenierie, CN=vpn.olympecti.fr,
> E=test at aol.com,+S=C]:17/1701===192.168.7.200/32

88.191.50.209 is NAT'ed to 82.229.55.165? But 88.191.50.0/24 is not listed
in virtual_private= as a valid address to allow for NAT-T.

Paul


More information about the Users mailing list