[Openswan Users] openswan to natted road warrior
chesty at chesterton.id.au
Fri Mar 23 05:53:51 EDT 2012
I don't know where to start. Say I have:
I don't care about reaching 192.168.1.1 at this stage, I want to be
able to manage the router from the internet.
18.104.22.168 is dynamic (I think it is anyway, let's say that it is), it will
and 10.1.1.2 is dynamic (I think it is anyway, let's say that it is), it
In all the reading I've been doing, I can't see how the router gets an IP
that I can ping from openswan.
The last thing I read was:
Is that the way to go?
There's another complication, the router is using ipsec-tools,
and there's no shell access, you get given a web interface.
I've read ipsec-tools does/doesn't work with openswan.
This is my openswan config so far
The last line in the logs on openswan is
Mar 23 20:41:59 test pluto: "test" 22.214.171.124 #35: STATE_MAIN_R2: sent MR2, expecting MI3
The last few lines on the router are
Jan 1 14:32:21 racoon: INFO: KA list add: 10.1.1.2->126.96.36.199
Jan 1 14:32:31 racoon: NOTIFY: the packet is retransmitted by 188.8.131.52
Jan 1 14:32:50 racoon: ERROR: phase2 negotiation failed due to time up waiting for phase1. ESP 184.108.40.206->10.1.1.2
Jan 1 14:32:50 racoon: INFO: delete phase 2 handler.
Jan 1 14:32:51 racoon: NOTIFY: the packet is retransmitted by 220.127.116.11
Jan 1 14:33:11 racoon: ERROR: phase1 negotiation failed due to time up.
Jan 1 14:33:11 racoon: INFO: KA remove: 10.1.1.2->18.104.22.168
Jan 1 14:33:11 admin_user: ipsec_count=0
So it looks like openswan is sending some sort of message (MR2) and the
router is ignoring it or doesn't receive it?
Apologies for the redacted IP addresses, hopefully you can still work out
what's going on and get me a clue stick.