[Openswan Users] Incorrect peerid when connections are behind NAT
Randy Wyatt
rwyatt at nvtl.com
Thu Jan 28 15:49:01 EST 2010
All,
I am in the final stages of getting my openswan connection back up and
running, but I have run into the final issue which I must resolve.
Both gateways are behind NAT'ed firewalls so I have a network
configuration something like this:
Gateway 1 Firewall 1 Firewall 2
Gateway 2
10.0.1.X -----> 70.166.XXX.YYY------> 216.188.XXX.YYY
------->10.1.XXX.YYY
I get get up to the exchange of the IP information, but the connection
stalls there with the following error: Seen from Gateway 1
Jan 28 12:26:26 rwwyatt pluto[15347]: "home-to-devnet" #66: Main mode
peer ID is ID_IPV4_ADDR: '10.1.XXX.YYY'
Jan 28 12:26:26 rwwyatt pluto[15347]: "home-to-devnet" #66: no suitable
connection for peer '10.1.XXX.YYY
How do I get past this error? This used to work. Shouldn't the peer
ID be 216.188.XXX.YYY
Gateway 1's version
'Password:
[root at rwwyatt ~]# ipsec version
Linux Openswan U2.6.21/K2.6.18-164.11.1.el5 (netkey)
See `ipsec --copyright' for copyright information.
[root at rwwyatt ~]#
Gateway 2's version
localuser at Dolphins:/var/log$ ipsec version
Linux Openswan U2.6.22/K2.6.31-14-server (netkey)
See `ipsec --copyright' for copyright information.
localuser at Dolphins:/var/log$
The barf for gateway1 is located at:
http://www.rwwyatt.com/gateway1_barf.out
The barf for gateway 2 is located at
http://www.rwwyatt.com/barf_gateway2.out
All help is appreciated.
Regards,
Randy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100128/a1cba8b2/attachment-0001.html
More information about the Users
mailing list