[Openswan Users] OpenSwan not working with nat-t
CrashOverload at gmx.de
Mon Apr 6 05:56:14 EDT 2009
Hi,
Following situation: I must set up a site-to-site VPN with an IPsec gateway which I cannot configure, and I got no information about the device (model, supported features, ...).
I only got the following information about encryption, and that the remote gateway supports NAT-T:
3 des sha1 group 2
And that's my part of the VPN:
My IPsec server is behind a firewall, and the firewall is NATting the IPsec server's private IP to a public IP.
ipsec-server----Firewall-with-nat----remote-ipsec-gateway----server
Here is my Openswan configuration:
config setup
        forwardcontrol=yes
        nat_traversal=yes
        protostack=netkey
        virtual_private=%v4:192.168.168.66/32,192.168.156.55/32

conn vpn
        auth=esp
        authby=secret
        auto=add
        forceencaps=yes
        left=77.88.99.21 #Local Public IP
        leftid=77.88.99.21
        leftsubnet=192.168.168.66/32
        pfs=yes
        right=112.113.114.115 #Remote Public IP
        rightid=112.113.114.115
        rightsubnet=192.168.156.55/32
        type=tunnel
Output of IPSEC VERIFY:
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.18-92.el5 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: vpn.local [MISSING]
Does the machine have at least one non-private address? [FAILED]
Is there anything in the configuration missing or wrong?