[Openswan Users] Problem Getting Past Phase 1

David Douglas Smith ds1968 at outlook.com
Mon Jun 2 09:02:17 EDT 2014

Hi all.  I am hoping someone on this list might be able to lend a hand.
This is a simple VPN setup ;
conn myvpnconn  authby=secret  auto=start  type=tunnel  aggrmode=no  left=  leftid=<NAT'd PUBLIC IP>  leftsubnet=  leftnexthop=%defaultroute
  right=A.B.C.1   - this is a public IP  rightid=A.B.C.1 - this subnet is the same net as right is on  rightsubnet=A.B.C.0/24  ike=aes128-sha1;modp1024  ikelifetime=480m  phase2=esp  phase2alg=aes128-sha1;modp1024  salifetime=3600s  pfs=yes  forceencaps=no
The error (or problem) I am experiencing is that the tunnel is never getting past Phase1
500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT 
I suspect the issue is that the right is a public IP on the same subnet as the rightsubnet itself. If I am correct, I believe the solution is to use iptables on the left openswan to NAT/Masquerade the traffic to the right server so it does not get confused between internet traffic and encrypted traffic??  Does that make sense? Has anyone dealt with a similar setup? 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20140602/21012835/attachment.html>

More information about the Users mailing list