[Openswan Users] Can't use tunnel on roadwarrior connection

Peter McGill petermcgill at goco.net
Tue Sep 2 10:14:58 EDT 2008


Eugenio,

Both the server and client cannot be behind a NAT/router, the server 
needs a public ip address. Either reconfigure your office lan so that 
the router passes the 79.38.2.17 address to the openswan gateway 
machine, making it the office lan gateway and using left=79.38.2.17 in
both ipsec.conf's or use a different connection type like OpenVPN, which
has no problem traversing NAT. Also, please turn off developer 
debugging! plutodebug=none.

Peter

Eugenio Vescovi wrote:
> I was trying to establish a roadwarrior connection between my home 
> pc (private ip address 192.168.1.32; public ip 151.49.x.x) connected to 
> the internet by an adsl router (192.168.1.1), and my company's LAN (public ip 
> 79.38.x.x) connected to the internet by an adsl router (192.168.2.1).
> I use the home pc as roadwarrior, while the machine 192.168.2.238 inside 
> the company's LAN is the server side of the connection.
> 
> Here are the two configuration files.
> 
> CLIENT
> config setup
>     interfaces=%defaultroute
>     klipsdebug=none
>     plutodebug=all
>     nat_traversal=yes
> 
> conn Prova
>     left=79.38.2.172
>     leftsubnet=192.168.2.0/24
>     leftrsasigkey=***
>     right=%defaultroute
>     rightnexthop=192.168.1.1
>     rightid=@client
>     leftid=@server
>     rightrsasigkey=***
>     auto=start
>     authby=rsasig
> 
> SERVER
> config setup
>     interfaces=%defaultroute
>     virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24
>     klipsdebug=none
>     plutodebug=all
>     nat_traversal=yes
> 
> conn Prova
>     left=192.168.2.238
>     leftsubnet=192.168.2.0/24
>     leftnexthop=%defaultroute
>     right=%any
>     rightid=@client
>     leftid=@server
>     rightrsasigkey=***
>     leftrsasigkey=***
>     auto=start
>     authby=rsasig
> 
> The command /etc/init.d/ipsec status tells me the tunnel is up, but I'm 
> not able to ping either the gateway or the other pc of the LAN.
> Say, while pinging the gateway, with wireshark or tcpdump, I can see (on 
> the gateway) ESP packets from 151.49.*.* to 192.168.2.238 and icmp 
> packets from 192.168.1.32 to 192.168.2.238 (the gateway on the lan, of 
> course).
> Please try to help me, I've been working hard on this project for over a 
> month and I can't go on now, and I don't know why!! Everything looks so 
> easy but it doesn't work.
> 
> Thank you in advance,
> Eugenio Vescovi.
> 

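The points raised in the reply above (the same `left=` value in both files, no private address as the server's `left=`, and `plutodebug=none`) can be checked mechanically before restarting the tunnel. This is an added example, not part of the original thread or of Openswan; `parse_ipsec_conf` and `review` are hypothetical helpers, and the sample input is abbreviated from the configs quoted in the thread.

```python
import ipaddress

def parse_ipsec_conf(text):
    """Parse ipsec.conf text into {"section name": {key: value}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line starts a section
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def review(client_text, server_text, conn):
    """Return findings for the points raised in the reply (hypothetical helper)."""
    confs = {"client": parse_ipsec_conf(client_text),
             "server": parse_ipsec_conf(server_text)}
    findings = []
    for side, conf in confs.items():
        debug = conf.get("config setup", {}).get("plutodebug", "none")
        if debug != "none":
            findings.append(f"{side}: plutodebug={debug}, expected none")
    lefts = {s: c.get(f"conn {conn}", {}).get("left") for s, c in confs.items()}
    if lefts["client"] != lefts["server"]:
        findings.append(f"left differs: client={lefts['client']} server={lefts['server']}")
    try:
        if lefts["server"] and ipaddress.ip_address(lefts["server"]).is_private:
            findings.append(f"server: left={lefts['server']} is a private address")
    except ValueError:
        pass  # %defaultroute, %any or a hostname: nothing to classify
    return findings

# Constructed sample input, abbreviated from the configs quoted in the thread.
CLIENT = """config setup
    plutodebug=all
conn Prova
    left=79.38.2.172
    right=%defaultroute
"""
SERVER = """config setup
    plutodebug=all
conn Prova
    left=192.168.2.238
    right=%any
"""

if __name__ == "__main__":
    for finding in review(CLIENT, SERVER, "Prova"):
        print(finding)
```
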