[Openswan Users] Problem with ShrewSoft VPN Client in DHCP over IPSec Configuration
Paul Wouters
paul at xelerance.com
Mon Jun 15 16:46:13 EDT 2009
On Mon, 15 Jun 2009, Martin Krellmann wrote:
> When I try to establish a connection with the ShrewSoft Client it fails.
>
> DHCP over IPSec, no NAT on both sides: "roadwarrior-dhcp"[1] 89.246.161.100 #3: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
I am not sure if we support DHCP over IPsec properly...
> Jun 15 16:07:37 gateway pluto[23447]: "roadwarrior-dhcp"[2] 89.246.161.100 #4: cannot respond to IPsec SA request
> because no connection is known for xxx.xxx.xxx.xxx[C=DE, ST=Brandenburg, L=Potsdam, O=Krellmann, OU=Servers,
> CN=vpngate, E=root at vpngate.potsdam.krellmann.net,+S=C]:17/67...89.246.161.100[C=DE, O=krellmann, OU=roadwarrior,
> CN=potsdam.krellmann.net, E=martin at krellmann.net,+S=C]:17/68
So it is trying with protoport=17/67 to protoport=17/68
> conn roadwarrior-dhcp
> keylife=60s
> rekeymargin=30s
> rekey=no
> leftcert=g1.krellmann.net.pem
> leftprotoport=udp/bootps
> #this allows DHCP discovery broadcast:
> leftsubnet=0.0.0.0/0
It might allow the packet, but I doubt it will ever be sent over the tunnel
> right=%any
> rightcert=roadwarrior.potsdam.krellmann.net.pem
> rightprotoport=udp/bootpc
> auto=add
Does ShrewSoft claim this should work with openswan?
Paul