[Openswan Users] Problem Getting Past Phase 1
David Douglas Smith
ds1968 at outlook.com
Mon Jun 2 09:02:17 EDT 2014
Hi all. I am hoping someone on this list might be able to lend a hand.
This is a simple VPN setup ;
conn myvpnconn authby=secret auto=start type=tunnel aggrmode=no left=10.1.1.1 leftid=<NAT'd PUBLIC IP> leftsubnet=10.1.1.0/24 leftnexthop=%defaultroute
right=A.B.C.1 - this is a public IP rightid=A.B.C.1 - this subnet is the same net as right is on rightsubnet=A.B.C.0/24 ike=aes128-sha1;modp1024 ikelifetime=480m phase2=esp phase2alg=aes128-sha1;modp1024 salifetime=3600s pfs=yes forceencaps=no
The error (or problem) I am experiencing is that the tunnel is never getting past Phase1
500 STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT
I suspect the issue is that the right is a public IP on the same subnet as the rightsubnet itself. If I am correct, I believe the solution is to use iptables on the left openswan to NAT/Masquerade the traffic to the right server so it does not get confused between internet traffic and encrypted traffic?? Does that make sense? Has anyone dealt with a similar setup?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20140602/21012835/attachment.html>
More information about the Users
mailing list