[Openswan Users] NAT-Traversal issue

users-bounces at lists.openswan.org users-bounces at lists.openswan.org
Fri Nov 8 06:25:19 UTC 2013


Rescued from the Spam bucket.  Please remember to subscribe to the mailing list before posting to it.

From: Iain Buchanan <iain.buchanan at piquanttech.com>
Subject: Re: [Openswan Users] NAT-Traversal issue
Date: November 8, 2013 at 6:21:03 AM EST
To: Ozai <ozai.tien at gmail.com>
Cc: users at lists.openswan.org


Hi Ozai,

I think I had a similar issue, with the “No suitable connection for peer” errors at some point.  I’m very much stumbling around here, but I found that if I had NAT I had to have different configurations at either side, specifying the “id” - I couldn’t just copy the config across.  I also needed iptables rules so that my traffic out had the right address to get picked up by the tunnel.

For example, drawing connections vertically:

	Server A
	internal IP: A_INT
	external IP: A_EXT

	(NAT)

	external IP: A_TRUE_EXT

	(Internet)

	Server B
	internal IP: B_INT
	external IP: B_EXT

Then I would have on Server A (note the iptables rules as well):

conn ServerA
	left=A_EXT
	leftid=A_TRUE_EXT
	leftsubnet=A_INT_NETWORK
	right=B_EXT
	rightsubnet=B_INT_NETWORK

sudo iptables -t nat -I POSTROUTING --dst B_INT_NETWORK -j SNAT --to-source A_INT

And on Server B:

conn ServerB
	left=A_TRUE_EXT
	leftsubnet=A_INT_NETWORK
	right=B_INT
	rightid=B_EXT
	rightsubnet=B_INT_NETWORK

sudo iptables -t nat -I POSTROUTING --dst A_INT_NETWORK -j SNAT --to-source B_INT

Iain
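An added example (not part of Iain's message and not Openswan code): a small Python triage of pluto log lines of the kind quoted further down in this thread. It flags NAT-T being off and pairs each "no suitable connection for peer" ID with the address the rejection was sent to. The function names, finding labels and advice strings are assumptions made for this example.

```python
import re

# Constructed samples: a few lines in the shape of the pluto output quoted in this thread.
SERVER_LOG = """\
Nov  8 09:00:11 authpriv warn pluto[8242]:    port floating activation criteria nat_t=0/port_float=1
Nov  8 09:00:11 authpriv warn pluto[8242]:    NAT-Traversal support  [disabled]
Nov  8 09:00:21 authpriv warn pluto[8242]: "test" #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.11.2'
Nov  8 09:00:21 authpriv warn pluto[8242]: "test" #2: no suitable connection for peer '192.168.11.2'
Nov  8 09:00:21 authpriv warn pluto[8242]: "test" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
Nov  8 09:00:31 authpriv warn pluto[8242]: "test" #2: no suitable connection for peer '192.168.11.2'
Nov  8 09:00:31 authpriv warn pluto[8242]: "test" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
"""
CLIENT_LOG = """\
Nov  5 10:01:15 authpriv warn pluto[11706]: NAT-Traversal: ESPINUDP(1) not supported by kernel for family IPv4
Nov  5 10:01:15 daemon err ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) not supported by kernel for family IPv4
Nov  5 10:01:15 authpriv warn pluto[11706]: NAT-Traversal: ESPINUDP(2) not supported by kernel for family IPv4
Nov  5 10:01:15 authpriv warn pluto[11706]: NAT-Traversal is turned OFF due to lack of KERNEL support: 0/0
"""

NATT_OFF = re.compile(r"NAT-Traversal support\s+\[disabled\]")
ESPINUDP = re.compile(r"ESPINUDP\((\d)\) not supported by kernel")
NO_CONN = re.compile(r"#(?P<state>\d+): no suitable connection for peer '(?P<id>[^']+)'")
NOTIFY = re.compile(r"#(?P<state>\d+): sending encrypted notification "
                    r"INVALID_ID_INFORMATION to (?P<addr>[\d.]+):\d+")

# Hypothetical advice strings, keyed by the finding labels used below.
ADVICE = {
    "natt-disabled": "this end started with NAT-T off; check nat_traversal= in config setup",
    "espinudp-unsupported": "kernel cannot do ESP-in-UDP, so pluto turns NAT-T off",
    "id-differs-from-source": "peer ID is not the address its packets arrive from (NAT in "
                              "the path); set leftid=/rightid= so both ends agree on the ID",
    "id-unmatched": "no conn names this peer ID; compare leftid=/rightid= on both ends",
}

def triage(log_text):
    """Return ordered, de-duplicated findings as tuples: (label, detail...)."""
    findings = []
    rejected = {}  # IKE state number -> peer ID that matched no conn

    def add(item):
        if item not in findings:  # retransmissions repeat the same lines
            findings.append(item)

    for line in log_text.splitlines():
        if NATT_OFF.search(line):
            add(("natt-disabled",))
        m = ESPINUDP.search(line)
        if m:
            add(("espinudp-unsupported", m.group(1)))
        m = NO_CONN.search(line)
        if m:
            rejected[m.group("state")] = m.group("id")
        m = NOTIFY.search(line)
        if m and m.group("state") in rejected:
            peer_id, src = rejected[m.group("state")], m.group("addr")
            label = "id-differs-from-source" if peer_id != src else "id-unmatched"
            add((label, peer_id, src))
    return findings

def report(log_text):
    """One readable line per finding."""
    return [" ".join(f) + ": " + ADVICE[f[0]] for f in triage(log_text)]

if __name__ == "__main__":
    for text in (SERVER_LOG, CLIENT_LOG):
        print("\n".join(report(text)))
```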

On 8 Nov 2013, at 10:53, Ozai <ozai.tien at gmail.com> wrote:

> Hi Dan,
>  
> Because I do not use certificates to do authentication, I ignore it.
>  
> Best Regards,
> Ozai
> ----- Original Message -----
> From: Dan Cave
> To: Bart Smink ; Ozai
> Cc: users at lists.openswan.org
> Sent: Friday, November 08, 2013 6:35 PM
> Subject: Re: [Openswan Users] NAT-Traversal issue
> 
> Um.. not sure if anyone picked up on these messages that show issues with certs.
> 
> om entropy
> Nov  8 09:00:13 authpriv warn pluto[8242]: Could not change to directory '/var/ipsec.d/cacerts': No such file or directory
> Nov  8 09:00:13 authpriv warn pluto[8242]: Could not change to directory '/var/ipsec.d/aacerts': No such file or directory
> Nov  8 09:00:13 authpriv warn pluto[8242]: Could not change to directory '/var/ipsec.d/ocspcerts': No such file or directory
> Nov  8 09:00:13 authpriv warn pluto[8242]: Could not change to directory '/var/ipsec.d/crls': 2 No such file or directory
> Nov  8 09:00:13 authpriv warn pluto[8242]: added connection description "test"
> Nov  8 09:00:13 daemon err ipsec__plutorun: 002 added connection description "test"
> Nov  8 09:00:14 authpriv warn pluto[8242]: listening for IKE messages
> 
> I'd start by trying to fix that? #maybeRelevant?
> 
> Sent from Samsung Mobile
> 
> 
> -------- Original message --------
> From: Bart Smink 
> Date:08/11/2013 10:23 (GMT+00:00) 
> To: Ozai 
> Cc: users at lists.openswan.org 
> Subject: Re: [Openswan Users] NAT-Traversal issue 
> 
> Hi Ozai,
> 
> It could be that the router that is in front of the client that is trying to connect is altering the packages with IPsec-passthrough functions. Sometimes this breaks the connection and it is better to turn these features off. You could try to connect directly and see if that works. On the openswan 2.6.38 computer, what kernel version do you run? And which linux distribution? And the NAT is done by which device?
> 
> Greetings,
> 
> Bart
> 
> 
> 2013/11/8 Ozai <ozai.tien at gmail.com>
> Dear Sirs,
>  
> The messages are from the server. It seems that the client did not transform the IP address, so the server cannot check anything. It seems NAT traversal could not work. What kernel feature do I need to enable? Or is there anything else I need to check?
> Can someone point me in the right direction? Please help. Thanks.
>  
> Best Regards,
> Ozai
>  
> Nov  8 09:00:09 daemon err ipsec_setup: Starting Openswan IPsec U2.6.38/K2.6.30...
> Nov  8 09:00:09 daemon err ipsec_setup: Using NETKEY(XFRM) stack
> Nov  8 09:00:11 authpriv err ipsec__plutorun: Starting Pluto subsystem...
> Nov  8 09:00:11 user warn syslog: adjusting ipsec.d to /var/ipsec.d
> Nov  8 09:00:11 daemon err ipsec__plutorun: adjusting ipsec.d to /var/ipsec.d
> Nov  8 09:00:11 authpriv warn pluto[8242]: WARNING: 1DES is enabled
> Nov  8 09:00:11 authpriv warn pluto[8242]: LEAK_DETECTIVE support [disabled]
> Nov  8 09:00:11 authpriv warn pluto[8242]: OCF support for IKE [disabled]
> Nov  8 09:00:11 authpriv warn pluto[8242]: NSS support [disabled]
> Nov  8 09:00:11 authpriv warn pluto[8242]: HAVE_STATSD notification support not compiled in
> Nov  8 09:00:11 authpriv warn pluto[8242]: Setting NAT-Traversal port-4500 floating to off
> Nov  8 09:00:11 authpriv warn pluto[8242]:    port floating activation criteria nat_t=0/port_float=1
> Nov  8 09:00:11 authpriv warn pluto[8242]:    NAT-Traversal support  [disabled]
> Nov  8 09:00:11 authpriv warn pluto[8242]: using /dev/urandom as source of random entropy
> Nov  8 09:00:11 daemon err ipsec_setup: ...Openswan IPsec started
> Nov  8 09:00:11 authpriv warn pluto[8242]: starting up 1 cryptographic helpers
> Nov  8 09:00:11 authpriv warn pluto[8242]: started helper pid=8244 (fd:6)
> Nov  8 09:00:11 authpriv warn pluto[8244]: using /dev/urandom as source of random entropy
> Nov  8 09:00:13 authpriv warn pluto[8242]: Could not change to directory '/var/ipsec.d/cacerts': No such file or directory
> Nov  8 09:00:13 authpriv warn pluto[8242]: Could not change to directory '/var/ipsec.d/aacerts': No such file or directory
> Nov  8 09:00:13 authpriv warn pluto[8242]: Could not change to directory '/var/ipsec.d/ocspcerts': No such file or directory
> Nov  8 09:00:13 authpriv warn pluto[8242]: Could not change to directory '/var/ipsec.d/crls': 2 No such file or directory
> Nov  8 09:00:13 authpriv warn pluto[8242]: added connection description "test"
> Nov  8 09:00:13 daemon err ipsec__plutorun: 002 added connection description "test"
> Nov  8 09:00:14 authpriv warn pluto[8242]: listening for IKE messages
> Nov  8 09:00:14 authpriv warn pluto[8242]: adding interface eth3.1/eth3.1 192.17.200.110:500
> Nov  8 09:00:14 authpriv warn pluto[8242]: adding interface br0/br0 192.168.12.254:500
> Nov  8 09:00:14 authpriv warn pluto[8242]: adding interface lo/lo 127.0.0.1:500
> Nov  8 09:00:14 authpriv warn pluto[8242]: adding interface lo/lo ::1:500
> Nov  8 09:00:14 authpriv warn pluto[8242]: loading secrets from "/var/ipsec.secrets"
> Nov  8 09:00:15 authpriv warn pluto[8242]: "test": deleting connection
> Nov  8 09:00:15 authpriv warn pluto[8242]: added connection description "test"
> Nov  8 09:00:15 authpriv warn pluto[8242]: "test" #1: initiating Main Mode
> Nov  8 09:00:15 authpriv warn pluto[8242]: "test" #1: ERROR: asynchronous network error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500, complainant 192.17.200.79: Connection refused [errno 146, origin ICMP type 3 code 3 (not
> Nov  8 09:00:20 authpriv warn pluto[8242]: packet from 192.17.200:1: received Vendor ID payload [Dead Peer Detection]
> Nov  8 09:00:20 authpriv warn pluto[8242]: "test" #2: responding to Main Mode
> Nov  8 09:00:20 authpriv warn pluto[8242]: "test" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Nov  8 09:00:20 authpriv warn pluto[8242]: "test" #2: STATE_MAIN_R1: sent MR1, expecting MI2
> Nov  8 09:00:21 authpriv warn pluto[8242]: "test" #2: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Nov  8 09:00:21 authpriv warn pluto[8242]: "test" #2: STATE_MAIN_R2: sent MR2, expecting MI3
> Nov  8 09:00:21 authpriv warn pluto[8242]: "test" #2: Main mode peer ID is ID_IPV4_ADDR: '192.168.11.2'
> Nov  8 09:00:21 authpriv warn pluto[8242]: "test" #2: no suitable connection for peer '192.168.11.2'
> Nov  8 09:00:21 authpriv warn pluto[8242]: "test" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
> Nov  8 09:00:25 authpriv warn pluto[8242]: "test" #1: ERROR: asynchronous network error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500, complainant 192.17.200.79: Connection refused [errno 146, origin ICMP type 3 code 3 (not
> Nov  8 09:00:31 authpriv warn pluto[8242]: "test" #2: no suitable connection for peer '192.168.11.2'
> Nov  8 09:00:31 authpriv warn pluto[8242]: "test" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
> Nov  8 09:00:45 authpriv warn pluto[8242]: "test" #1: ERROR: asynchronous network error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500, complainant 192.17.200.79: Connection refused [errno 146, origin ICMP type 3 code 3 (not
> Nov  8 09:00:51 authpriv warn pluto[8242]: "test" #2: no suitable connection for peer '192.168.11.2'
> Nov  8 09:00:51 authpriv warn pluto[8242]: "test" #2: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
> Nov  8 09:01:25 authpriv warn pluto[8242]: "test" #1: ERROR: asynchronous network error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500, complainant 192.17.200.79: Connection refused [errno 146, origin ICMP type 3 code 3 (not
> Nov  8 09:01:31 authpriv warn pluto[8242]: packet from 192.17.200.79:1: received Vendor ID payload [Openswan (this version) 2.6.38 ]
> Nov  8 09:01:31 authpriv warn pluto[8242]: packet from 192.17.200.79:1: received Vendor ID payload [Dead Peer Detection]
> Nov  8 09:01:31 authpriv warn pluto[8242]: "test" #3: responding to Main Mode
> Nov  8 09:01:31 authpriv warn pluto[8242]: "test" #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Nov  8 09:01:31 authpriv warn pluto[8242]: "test" #3: STATE_MAIN_R1: sent MR1, expecting MI2
> Nov  8 09:01:31 authpriv warn pluto[8242]: "test" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Nov  8 09:01:31 authpriv warn pluto[8242]: "test" #3: STATE_MAIN_R2: sent MR2, expecting MI3
> Nov  8 09:01:31 authpriv warn pluto[8242]: "test" #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.11.2'
> Nov  8 09:01:31 authpriv warn pluto[8242]: "test" #3: no suitable connection for peer '192.168.11.2'
> Nov  8 09:01:31 authpriv warn pluto[8242]: "test" #3: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
> Nov  8 09:01:41 authpriv warn pluto[8242]: "test" #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.11.2'
> Nov  8 09:01:41 authpriv warn pluto[8242]: "test" #3: no suitable connection for peer '192.168.11.2'
> Nov  8 09:01:41 authpriv warn pluto[8242]: "test" #3: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
> Nov  8 09:02:01 authpriv warn pluto[8242]: "test" #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.11.2'
> Nov  8 09:02:01 authpriv warn pluto[8242]: "test" #3: no suitable connection for peer '192.168.11.2'
> Nov  8 09:02:01 authpriv warn pluto[8242]: "test" #3: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
> Nov  8 09:02:05 authpriv warn pluto[8242]: "test" #1: ERROR: asynchronous network error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500, complainant 192.17.200.79: Connection refused [errno 146, origin ICMP type 3 code 3 (not
> Nov  8 09:02:41 authpriv warn pluto[8242]: packet from 192.17.200.79:1: received Vendor ID payload [Dead Peer Detection]
> Nov  8 09:02:41 authpriv warn pluto[8242]: "test" #4: responding to Main Mode
> Nov  8 09:02:41 authpriv warn pluto[8242]: "test" #4: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Nov  8 09:02:41 authpriv warn pluto[8242]: "test" #4: STATE_MAIN_R1: sent MR1, expecting MI2
> Nov  8 09:02:41 authpriv warn pluto[8242]: "test" #3: max number of retransmissions (2) reached STATE_MAIN_R2
> Nov  8 09:02:41 authpriv warn pluto[8242]: "test" #4: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Nov  8 09:02:41 authpriv warn pluto[8242]: "test" #4: STATE_MAIN_R2: sent MR2, expecting MI3
> Nov  8 09:02:41 authpriv warn pluto[8242]: "test" #4: Main mode peer ID is ID_IPV4_ADDR: '192.168.11.2'
> Nov  8 09:02:41 authpriv warn pluto[8242]: "test" #4: no suitable connection for peer '192.168.11.2'
> Nov  8 09:02:41 authpriv warn pluto[8242]: "test" #4: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
> Nov  8 09:02:45 authpriv warn pluto[8242]: "test" #1: ERROR: asynchronous network error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500, complainant 192.17.200.79: Connection refused [errno 146, origin ICMP type 3 code 3 (not
> Nov  8 09:02:51 authpriv warn pluto[8242]: "test" #4: no suitable connection for peer '192.168.11.2'
> Nov  8 09:02:51 authpriv warn pluto[8242]: "test" #4: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
> Nov  8 09:03:11 authpriv warn pluto[8242]: "test" #4: Main mode peer ID is ID_IPV4_ADDR: '192.168.11.2'
> Nov  8 09:03:11 authpriv warn pluto[8242]: "test" #4: no suitable connection for peer '192.168.11.2'
> Nov  8 09:03:11 authpriv warn pluto[8242]: "test" #4: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
> Nov  8 09:03:25 authpriv warn pluto[8242]: "test" #1: max number of retransmissions (5) reached STATE_MAIN_I1.  No response (or no acceptable response) to our first IKE message
> Nov  8 09:03:25 authpriv warn pluto[8242]: "test" #5: initiating Main Mode to replace #1
> Nov  8 09:03:25 authpriv warn pluto[8242]: "test" #5: ERROR: asynchronous network error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500, complainant 192.17.200.79: Connection refused [errno 146, origin ICMP type 3 code 3 (not
> Nov  8 09:03:51 authpriv warn pluto[8242]: packet from 192.17.200.79:1: received Vendor ID payload [Openswan (this version) 2.6.38 ]
> Nov  8 09:03:51 authpriv warn pluto[8242]: packet from 192.17.200.79:1: received Vendor ID payload [Dead Peer Detection]
> Nov  8 09:03:51 authpriv warn pluto[8242]: "test" #6: responding to Main Mode
> Nov  8 09:03:51 authpriv warn pluto[8242]: "test" #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Nov  8 09:03:51 authpriv warn pluto[8242]: "test" #6: STATE_MAIN_R1: sent MR1, expecting MI2
> Nov  8 09:03:51 authpriv warn pluto[8242]: "test" #4: max number of retransmissions (2) reached STATE_MAIN_R2
> Nov  8 09:03:55 authpriv warn pluto[8242]: "test" #5: ERROR: asynchronous network error report on eth3.1 (sport=500) for message to 192.17.200.79 port 500, complainant 192.17.200.79: Connection refused [errno 146, origin ICMP type 3 code 3 (not
> Nov  8 09:04:01 authpriv warn pluto[8242]: "test" #6: STATE_MAIN_R2: sent MR2, expecting MI3
> Nov  8 09:04:01 authpriv warn pluto[8242]: "test" #6: Main mode peer ID is ID_IPV4_ADDR: '192.168.11.2'
> Nov  8 09:04:01 authpriv warn pluto[8242]: "test" #6: no suitable connection for peer '192.168.11.2'
> Nov  8 09:04:01 authpriv warn pluto[8242]: "test" #6: sending encrypted notification INVALID_ID_INFORMATION to 192.17.200.79:1
> ----- Original Message -----
> From: Ozai
> To: users at lists.openswan.org
> Sent: Tuesday, November 05, 2013 6:17 PM
> Subject: NAT-Traversal issue
> 
> Hi Sirs,
>  
> I set up an Openswan VPN client behind the NAT. The test environment is as below.
> It did not work. The traffic did not seem to pass to the server.
> I got a message like "NAT-Traversal: ESPINUDP(1) not supported by kernel for family IPv4".
> It seems to be a NAT traversal issue. What kernel feature do I need to enable? Or is there anything else I need to check?
> Can someone point me in the right direction? Please help. Thanks.
>  
>  
>    2.6.38 client--------------------NAT------------------ 2.6.38 Server
> 192.168.15.x          192.168.11.x             192.17.200.x               192.168.12.x
>  
>  
>  
> Nov  5 10:01:11 daemon err ipsec_setup: Starting Openswan IPsec U2.6.38/K2.6.30...
> Nov  5 10:01:11 daemon err ipsec_setup: Using NETKEY(XFRM) stack
> Nov  5 10:01:13 authpriv err ipsec__plutorun: Starting Pluto subsystem...
> Nov  5 10:01:13 user warn syslog: adjusting ipsec.d to /var/ipsec.d
> Nov  5 10:01:13 authpriv warn pluto[11706]: WARNING: 1DES is enabled
> Nov  5 10:01:13 authpriv warn pluto[11706]: LEAK_DETECTIVE support [disabled]
> Nov  5 10:01:13 authpriv warn pluto[11706]: OCF support for IKE [disabled]
> Nov  5 10:01:13 authpriv warn pluto[11706]: NSS support [disabled]
> Nov  5 10:01:13 authpriv warn pluto[11706]: HAVE_STATSD notification support not compiled in
> Nov  5 10:01:13 authpriv warn pluto[11706]: Setting NAT-Traversal port-4500 floating to on
> Nov  5 10:01:13 authpriv warn pluto[11706]:    port floating activation criteria nat_t=1/port_float=1
> Nov  5 10:01:13 authpriv warn pluto[11706]:    NAT-Traversal support  [enabled]
> Nov  5 10:01:13 authpriv warn pluto[11706]: using /dev/urandom as source of random entropy
> Nov  5 10:01:13 daemon err ipsec__plutorun: adjusting ipsec.d to /var/ipsec.d
> Nov  5 10:01:13 authpriv warn pluto[11706]: starting up 1 cryptographic helpers
> Nov  5 10:01:13 authpriv warn pluto[11711]: using /dev/urandom as source of random entropy
> Nov  5 10:01:13 authpriv warn pluto[11706]: started helper pid=11711 (fd:6)
> Nov  5 10:01:13 daemon err ipsec_setup: ...Openswan IPsec started
> Nov  5 10:01:15 authpriv warn pluto[11706]: Could not change to directory '/var/ipsec.d/cacerts': No such file or directory
> Nov  5 10:01:15 authpriv warn pluto[11706]: Could not change to directory '/var/ipsec.d/aacerts': No such file or directory
> Nov  5 10:01:15 authpriv warn pluto[11706]: Could not change to directory '/var/ipsec.d/ocspcerts': No such file or directory
> Nov  5 10:01:15 authpriv warn pluto[11706]: Could not change to directory '/var/ipsec.d/crls': 2 No such file or directory
> Nov  5 10:01:15 authpriv warn pluto[11706]: added connection description "test"
> Nov  5 10:01:15 daemon err ipsec__plutorun: 002 added connection description "test"
> Nov  5 10:01:15 authpriv warn pluto[11706]: listening for IKE messages
> Nov  5 10:01:15 authpriv warn pluto[11706]: NAT-Traversal: ESPINUDP(1) not supported by kernel for family IPv4
> Nov  5 10:01:15 authpriv warn pluto[11706]: adding interface eth0.1/eth0.1 192.168.11.2:500
> Nov  5 10:01:15 daemon err ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) not supported by kernel for family IPv4
> Nov  5 10:01:15 authpriv warn pluto[11706]: NAT-Traversal: ESPINUDP(2) not supported by kernel for family IPv4
> Nov  5 10:01:15 authpriv warn pluto[11706]: NAT-Traversal port floating turned off
> Nov  5 10:01:15 daemon err ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(2) not supported by kernel for family IPv4
> Nov  5 10:01:15 authpriv warn pluto[11706]: NAT-Traversal is turned OFF due to lack of KERNEL support: 0/0
> Nov  5 10:01:15 authpriv warn pluto[11706]: adding interface eth0.1/eth0.1 192.168.11.2:4500
> Nov  5 10:01:15 authpriv warn pluto[11706]: adding interface br0/br0 192.168.15.254:500
> Nov  5 10:01:15 authpriv warn pluto[11706]: adding interface lo/lo 127.0.0.1:500
> Nov  5 10:01:15 authpriv warn pluto[11706]: adding interface lo/lo ::1:500
> Nov  5 10:01:15 authpriv warn pluto[11706]: loading secrets from "/var/ipsec.secrets"
> Nov  5 10:01:17 authpriv warn pluto[11706]: "test": deleting connection
> Nov  5 10:01:17 authpriv warn pluto[11706]: added connection description "test"
> Nov  5 10:01:18 authpriv warn pluto[11706]: "test" #1: initiating Main Mode
> Nov  5 10:01:18 authpriv warn pluto[11706]: "test" #1: received Vendor ID payload [Openswan (this version) 2.6.38 ]
> Nov  5 10:01:18 authpriv warn pluto[11706]: "test" #1: received Vendor ID payload [Dead Peer Detection]
> Nov  5 10:01:18 authpriv warn pluto[11706]: "test" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> Nov  5 10:01:18 authpriv warn pluto[11706]: "test" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> Nov  5 10:01:18 authpriv warn pluto[11706]: "test" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> Nov  5 10:01:18 authpriv warn pluto[11706]: "test" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> Nov  5 10:01:18 authpriv warn pluto[11706]: "test" #1: ignoring informational payload, type INVALID_ID_INFORMATION msgid=00000000
> Nov  5 10:01:18 authpriv warn pluto[11706]: "test" #1: received and ignored informational message
>  
> 
> config setup
>                 nat_traversal=yes
>                 keep_alive=60
>                 oe=off
>                 protostack=netkey
>                 interfaces=%defaultroute
>  
> conn test
>                 left=192.168.11.2
>                 leftsubnet=192.168.15.0/24
>                 rightsubnet=192.168.12.0/24
>                 connaddrfamily=ipv4
>                 right=192.17.200.110
>                 ike=3des-md5;modp1024!
>                 ikelifetime=480m
>                 type=tunnel
>                 salifetime=60m
>                 phase2alg=3des-hmac_md5!
>                 pfs=no
>                 phase2=esp
>                 keyexchange=ike
>                 authby=secret
>                 auto=add
>  
> Best Regards,
> Ozai
> 
> _______________________________________________
> Users at lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
> 
> 
> 
> 

