[Openswan Users] R: Ipsec/l2tp server behind nat, again
Paul Wouters
paul at xelerance.com
Thu Sep 25 00:06:32 EDT 2008
On Wed, 24 Sep 2008, Lux wrote:
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.0.0/24
> "roadwarrior-l2tp"[2] 79.7.5.49 #1: cannot respond to IPsec SA request
> because no connection is known for
> 12.34.112.177/32===192.168.0.100<192.168.0.100>[+S=C]:17/1701...79.7.5.49[@luxnb.iotti.biz,+S=C]:17/%any===192.168.1.7/32
Is 12.34.112.177 the NAT'ed IP of the client? If so, that range needs to
be in the virtual_private= range, which it is not in.
> I don't know if this can be related to the problem, but I found that if I
> add controlmore to plutodebug=, pluto dies with this in the log:
> pluto[16835]: | ******parse ISAKMP Oakley attribute:
> pluto[16835]: | af+type: OAKLEY_LIFE_DURATION (variable length)
> pluto[16835]: | length/value: 4
Can you add dumpdir=/tmp and then run with controlmore, and run gdb on
the core in /tmp to see what the crasher is?
Paul