[Openswan Users] Openswan/xl2tpd issue with nated roadwarriors

Sebastian Gomez Velasco blass_sgv at hotmail.com
Sat Jun 20 13:57:35 EDT 2009
Hi Paul, thanks for the reply.

About bug #1004, I'm not getting this error: "cannot respond to IPsec SA request
because no connection is known for ......." as described in https://gsoc.xelerance.com/issues/1004

I tried with transport mode, but I got the same messages, except in /var/log/secure,
where the IPsec SA changed from "tunnel" to "transport":

IPsec SA established transport mode {ESP/NAT=>0x74cb12e6........

Finally, I changed my ipsec.conf file like you said. I used rightsubnet=vhost:%priv, but nothing changed. The
logs are still the same.



> Date: Sat, 20 Jun 2009 12:41:18 -0400
> From: paul at xelerance.com
> To: blass_sgv at hotmail.com
> CC: users at openswan.org
> Subject: Re: [Openswan Users] Openswan/xl2tpd issue with nated roadwarriors
> 
> On Sat, 20 Jun 2009, Sebastian Gomez Velasco wrote:
> 
> > I'm trying to set up a VPN server with Openswan 2.6.14 and xl2tpd 1.2.4, on CentOS 5.2 with kernel 2.6.29. I want to connect
> > multiple roadwarriors (Windows XP and Windows Vista) that may or may not be NATed. First I tried with roadwarriors that are not
> > NATed, and it works fine. When I tried with roadwarriors that are NATed, I added this line to my ipsec.conf file:
> 
> Due to bug #1004 you should probably use openswan 2.4.14.
> 
> > rightsubnet=vhost:%no,%priv
> > 
> > (I have tried with rightid and leftid, the result is the same)
> > 
> > Doing this, my connection fails. In my /var/log/secure file I found this:
> > 
> > STATE_QUICK_R2: IPsec SA established tunnel mode {ESP/NAT=>0x74cb12e6 <0xb9e57168 xfrm=3DES_0-HMAC_MD5 NATOA=10.0.0.20
> > NATD=190.154.77.1:4500 DPD=none}
> 
> Why is it tunnel mode? l2tp normally works with ipsec in transport mode.
> 
> > so, the connection with ipsec works.
> > 
> > In my /var/log/messages file, I found this:
> > 
> > Jun 10 16:45:39 VPN xl2tpd[4867]: Maximum retries exceeded for tunnel 59111.  Closing.
> > 
> > Jun 10 16:45:47 VPN xl2tpd[4867]: Connection 1 closed to 190.154.77.1, port 1701 (Timeout)
> 
> This is probably because of bug #1004.
> 
> > Then I commented out the line rightsubnet=vhost:%no,%priv (and the rightid and leftid lines), and again my connection works!!!, but I
> > need the connection to work with NATed roadwarriors.
> 
> Does it work if you use: rightsubnet=vhost:%priv
> 
> Paul
