[Openswan Users] Roadwarrior setup to Draytek Vigor

Thorsten Meinl Thorsten.Meinl at uni-konstanz.de
Wed Feb 27 11:28:11 EST 2013

Hi Michael,

>> Roadwarrior behind NAT (currently <-->
>> VPN gateway ( <-->
>> private network (
> where is the relation to Draytek? The client behind Draytek initiates 
> the connection?
The Draytek router is guarding the VPN I'm trying to connect to. It's
probably unrelated to Draytek, since I assume the problem is purely on
my Linux side. The client can be behind any router.

>> conn zurich
>>          authby=rsasig
>>          pfs=no
>>          rekey=yes
>>          keyingtries=3
>>          type=tunnel
>>          left=%defaultroute
>>          leftprotoport=17/1701
>>          leftrsasigkey=%cert
>>          leftcert=knime-vpn.pem
>>          right=
>>          rightid="C=CH, ..."
>>          rightprotoport=17/1701
>>          rightcert=knime-router.pem
>>          rightsubnet=
>>          auto=start
> This is not a RW setup?
Why? I also tried with type=transport if this is what you are aiming at,
but the results were the same (no success). Only the "ip xfrm policy"
output looks a bit different.

>> However, when I ping any of the hosts in the private network, e.g.
>> I don't see any encrypted packages in tcpdump/wireshark, but
>> only direct connections. In the end I get "Destination Net Unreachable"
>> from the roadwarrior's NAT router. What am I doing wrong here?
> Don't get it, which device initiates the VPN? conn zurich uses l2tp 
> setup, don't think the Draytek supports it.
I'm not using any L2TP, I want to connect directly via IPSEC. This is
why I'm using RSA certificates. The Draytek router supports both, btw.

Thanks so far,


Dr.-Ing. Thorsten Meinl               room: Z813
Nycomed Chair for Bioinformatics      fax: +49 (0)7531 88-5132
and Information Mining                phone: +49 (0)7531 88-5016
Box 712, 78457 Konstanz, Germany
