[Openswan Users] Shouldn't this be NATed?

Paul Wouters paul at xelerance.com
Fri Sep 23 18:39:02 EDT 2011


On Fri, 23 Sep 2011, James Nelson wrote:

> Same setup as my previous posts, with an Amazon EC2 to Client connection.  When I establish the conn, here is my response:
> 
> 104 "ec2check" #6: STATE_MAIN_I1: initiate
> 106 "ec2check" #6: STATE_MAIN_I2: sent MI2, expecting MR2
> 108 "ec2check" #6: STATE_MAIN_I3: sent MI3, expecting MR3
> 004 "ec2check" #6: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
> 117 "ec2check" #7: STATE_QUICK_I1: initiate
> 003 "ec2check" #7: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=a4bbfe57
> 004 "ec2check" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0xbcd53ec2 <0x6981795a xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}

That looks wrong, it should have some NAT values.
Do you have nat_traversal=yes in config setup?
Do you have forceencaps=yes in the conn?
Did you reload the connection after making those changes?

Paul
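
The first two questions in the reply above can be checked mechanically. The following is an added example, not part of the original post and not Openswan code: it reads ipsec.conf text, reports whether `nat_traversal=yes` is set in `config setup` and `forceencaps=yes` in the named conn, and extracts the NATOA/NATD fields from the SA line. The sample configuration is constructed; only the conn name and the status line come from the thread, and `conn %default` / `also=` inheritance is not resolved.

```python
import re

# Constructed sample ipsec.conf; only the conn name "ec2check" is from the post.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes
    protostack=netkey

conn ec2check
    authby=secret
    # forceencaps=yes
    auto=add
"""

# Status line as quoted in the post.
SA_LINE = ('004 "ec2check" #7: STATE_QUICK_I2: sent QI2, IPsec SA established '
           'tunnel mode {ESP/NAT=>0xbcd53ec2 <0x6981795a '
           'xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}')

def parse_sections(text):
    """Map each section header ('config setup', 'conn NAME') to its options."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # headers start in column 0
            current = " ".join(line.split())
            sections[current] = {}
        elif current and "=" in line:          # indented key=value option
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip().strip('"')
    return sections

def nat_checklist(conf_text, conn, sa_line):
    """Answer the config questions and report the NAT fields of the SA line."""
    sections = parse_sections(conf_text)
    setup = sections.get("config setup", {})
    conn_opts = sections.get("conn " + conn, {})
    fields = dict(re.findall(r"(NATOA|NATD)=([^\s}]+)", sa_line))
    return {
        "nat_traversal": setup.get("nat_traversal") == "yes",
        "forceencaps": conn_opts.get("forceencaps") == "yes",
        "natoa": fields.get("NATOA"),
        "natd": fields.get("NATD"),
    }

if __name__ == "__main__":
    print(nat_checklist(SAMPLE_CONF, "ec2check", SA_LINE))
```

A changed ipsec.conf only takes effect once the connection has been reloaded, which is the third question in the reply and is not something this script can see.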

