[Openswan Users] Shouldn't this be NATed?

James Nelson II james.nelson.ii at gmail.com
Fri Sep 23 19:42:28 EDT 2011


Those answers are unfortunately yes, yes, and yes.

-James

Brevity is the soul of wit. Misspellings are the soul of writing emails on a phone. Please excuse.

On Sep 23, 2011, at 5:39 PM, Paul Wouters <paul at xelerance.com> wrote:

> On Fri, 23 Sep 2011, James Nelson wrote:
> 
>> Same setup as my previous posts, with an Amazon EC2 to Client connection.  When I establish the conn, here is my response:
>> 104 "ec2check" #6: STATE_MAIN_I1: initiate
>> 106 "ec2check" #6: STATE_MAIN_I2: sent MI2, expecting MR2
>> 108 "ec2check" #6: STATE_MAIN_I3: sent MI3, expecting MR3
>> 004 "ec2check" #6: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
>> 117 "ec2check" #7: STATE_QUICK_I1: initiate
>> 003 "ec2check" #7: ignoring informational payload, type IPSEC_RESPONDER_LIFETIME msgid=a4bbfe57
>> 004 "ec2check" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0xbcd53ec2 <0x6981795a xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
> 
> That looks wrong, it should have some NAT values.
> Do you have nat_traversal=yes in config setup?
> Do you have forceencaps=yes in the conn?
> Did you reload the connection after making those changes?
> 
> Paul
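
The three checks asked about in the quoted reply can be scripted. The following is an added example, not part of the original thread or of Openswan: it reads ipsec.conf-style text for `nat_traversal` and `forceencaps`, then inspects the established-SA line for NAT values. The config text is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed ipsec.conf text for illustration (not the poster's real file).
SAMPLE_CONF = """\
config setup
    nat_traversal=yes

conn ec2check
    forceencaps=no
"""

# SA line as quoted in the message above, joined onto one line.
SAMPLE_SA = ('004 "ec2check" #7: STATE_QUICK_I2: sent QI2, IPsec SA established '
             'tunnel mode {ESP/NAT=>0xbcd53ec2 <0x6981795a '
             'xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}')

def parse_conf(text):
    """Return {section header: {key: value}} for ipsec.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # unindented line opens a section
            current = " ".join(line.split())
            sections[current] = {}
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            sections[current][key.strip()] = value.strip().strip('"')
    return sections

def sa_fields(sa_line):
    """Extract whole-token key=value fields inside {...} of the SA line."""
    body = re.search(r"\{(.*)\}", sa_line)
    return dict(re.findall(r"(?<!\S)(\w+)=(\S+)", body.group(1))) if body else {}

def nat_checklist(conf_text, conn, sa_line):
    conf, fields = parse_conf(conf_text), sa_fields(sa_line)
    return {
        "nat_traversal=yes": conf.get("config setup", {}).get("nat_traversal") == "yes",
        "forceencaps=yes": conf.get("conn " + conn, {}).get("forceencaps") == "yes",
        # A loaded config that took effect should show non-"none" NAT values.
        "NAT values in SA": any(fields.get(k, "none") != "none" for k in ("NATOA", "NATD")),
    }

if __name__ == "__main__":
    for check, ok in nat_checklist(SAMPLE_CONF, "ec2check", SAMPLE_SA).items():
        print(("ok      " if ok else "MISSING ") + check)
```

If both settings are present in the file but the SA line still shows `NATOA=none NATD=none`, the third question in the reply applies: the running connection may not have been reloaded.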

