[Openswan Users] Client VPN on Vista OS

Paul Wouters paul at xelerance.com
Fri Oct 16 09:32:17 EDT 2009

On Fri, 16 Oct 2009, Sasa wrote:

> the address space is this:
> 85.18.z.k= ip public on vpn server
> 89.97.x.y= ip public on that remote vpn client
> ip private on that remote vpn client
> I have tried with this parameter:
> virtual_private=%v4:,%v4:!
> ..but in log file I have always:

> Oct 16 14:47:32 fw pluto[22744]: "left-road"[2] 89.97.x.y #6: cannot respond 
> to IPsec SA request because no connection is known for 
> 85.18.z.k...89.97.x.y[]===

Oh. i didnt realise 85.18.z.k was the server.

Your virtual_private= should include the addresses that may appear NAT'ed. It
should exclude any IP ranges used *behind* the server. You did not list any
in this email. But lets say your vpn server has an internal address in
then you could use virtual_private=%v4:,%v4:! to
disallowe clients connecting with conflicting IP addresses from the server side


More information about the Users mailing list