[Openswan Users] Client VPN on Vista OS
Paul Wouters
paul at xelerance.com
Fri Oct 16 09:32:17 EDT 2009
On Fri, 16 Oct 2009, Sasa wrote:
> the address space is this:
>
> 85.18.z.k= ip public on vpn server
> 89.97.x.y= ip public on that remote vpn client
> 10.0.1.221= ip private on that remote vpn client
>
> I have tried with this parameter:
> virtual_private=%v4:0.0.0.0/0,%v4:!10.0.1.0/24
>
> ..but in log file I have always:
> Oct 16 14:47:32 fw pluto[22744]: "left-road"[2] 89.97.x.y #6: cannot respond
> to IPsec SA request because no connection is known for
> 85.18.z.k...89.97.x.y[10.0.1.221]===10.0.1.221/32
Oh. I didn't realise 85.18.z.k was the server.
Your virtual_private= should include the addresses that may appear NAT'ed. It
should exclude any IP ranges used *behind* the server. You did not list any
in this email. But let's say your vpn server has an internal address in 192.168.0.0/24
then you could use virtual_private=%v4:0.0.0.0/0,%v4:!192.168.0.0/24 to
disallow clients connecting with conflicting IP addresses from the server side
network.
Paul
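
An added example, not part of the original email and not Openswan's own code: a simplified Python model of the include/exclude matching described above, run against the two virtual_private= values from this thread. It assumes a client subnet is accepted when it lies inside at least one listed range and overlaps no `!` range; the function names are hypothetical.

```python
import ipaddress


def parse_virtual_private(value):
    """Split a virtual_private= value into (included, excluded) networks."""
    included, excluded = [], []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        family, sep, net = item.partition(":")
        if family not in ("%v4", "%v6") or not sep:
            raise ValueError(f"unsupported entry: {item!r}")
        negate = net.startswith("!")
        network = ipaddress.ip_network(net.lstrip("!"))
        if network.version != (4 if family == "%v4" else 6):
            raise ValueError(f"address family mismatch: {item!r}")
        (excluded if negate else included).append(network)
    return included, excluded


def client_subnet_allowed(value, client_subnet):
    """Assumed rule: inside some included range and clear of every '!' range."""
    included, excluded = parse_virtual_private(value)
    net = ipaddress.ip_network(client_subnet)
    for ex in excluded:
        if ex.version == net.version and net.overlaps(ex):
            return False
    return any(inc.version == net.version and net.subnet_of(inc)
               for inc in included)


if __name__ == "__main__":
    # Values taken from the thread; the 192.168.0.50 client is constructed.
    tried = "%v4:0.0.0.0/0,%v4:!10.0.1.0/24"
    suggested = "%v4:0.0.0.0/0,%v4:!192.168.0.0/24"
    for label, value in (("tried", tried), ("suggested", suggested)):
        for client in ("10.0.1.221/32", "192.168.0.50/32"):
            verdict = "allowed" if client_subnet_allowed(value, client) else "rejected"
            print(f"{label:9} {client:18} {verdict}")
```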