[Openswan Users] Clinet behind NAT problem
Paul Wouters
paul at xelerance.com
Wed Mar 17 10:24:11 EDT 2010
On Wed, 17 Mar 2010, farajian amin wrote:
> conn test
> type=tunnel
> authby=rsasig
> leftrsasigkey=%cert
> rightrsasigkey=%cert
> left=%defaultroute
> leftsubnet=10.10.10.0/24
> right=%any
> leftcert=serversidecert.pem
> leftid="C=Y, ST=Y, ..."
> rightid="C=X, ST=X, ..."
> auto=add
>
> I have nat-traversal=yes on both sides.
> pluto[11254]: "test"[1] 192.168.1.103 #1: cannot respond to IPsec SA request because no connection is known for 10.10.10.0/24===192.168.1.88[C=Y, ST=Y, ....]...192.168.1.103 [C=X, ST=X,.....]===192.168.0.2/32
You need rightsubnet=vhost:%priv,%no and a virtual_private that includes 192.168.0.0/24
Paul
More information about the Users
mailing list