[Openswan Users] IPsec configuration
Ted Victorio
tvan5bee at yahoo.com
Mon Nov 24 01:35:35 EST 2014
Hello gurus,
My IPsec link (90.0.0.9--192.168.1.150) works fine if PC A initiates "ipsec auto --up A_to_B".
However, if PC B initiates "ipsec auto --up B_to_A", the handshake fails since the router
converts main mode 1 from 192.168.1.150 as if IPsec initiated from 90.0.0.3.
Appreciate any suggestion to solve this.
Thank you,
Notes:
1) PC B is configured as DMZ behind Trendnet router
2) nat_traversal=yes for both PC A & PC B
209.0.0.9
PC A (openswan)
90.0.0.9
|
|
|
90.0.0.3
Trendnet TEW-432BRP ROUTER
192.168.1.1
|
|
|
192.168.1.150 #DMZ#
PC B (openswan)
PC A ipsec.conf:
================
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
conn A_to_B
    type=tunnel
    authby=secret
    left=90.0.0.9
    leftsubnet=209.0.0.0/24
    leftnexthop=90.0.0.3
    right=192.168.1.150
    rightsubnet=192.168.1.150/32
    auto=add
PC A ipsec.secrets:
-------------------
90.0.0.9 192.168.1.150 : PSK "test123"
PC B ipsec.conf:
================
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
conn B_to_A
    type=tunnel
    authby=secret
    left=90.0.0.9
    leftsubnet=209.0.0.0/24
    right=192.168.1.150
    rightsubnet=192.168.1.150/32
    auto=add
PC B ipsec.secrets:
-------------------
192.168.1.150 90.0.0.9 : PSK "test123"
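The failure described in the message, shown with a simplified model of a responder choosing a connection by the source address it actually sees. This is an added example, not code from the original post or from Openswan; `parse_conns`, `end_matches` and `responder_match` are hypothetical helpers, and the address-only matching is an assumption that ignores IDs and other selection criteria.

```python
import ipaddress

# PC A's conn exactly as posted in the message above.
PC_A_CONF = """\
conn A_to_B
    type=tunnel
    authby=secret
    left=90.0.0.9
    leftsubnet=209.0.0.0/24
    leftnexthop=90.0.0.3
    right=192.168.1.150
    rightsubnet=192.168.1.150/32
    auto=add
"""

def parse_conns(text):
    """Parse the 'conn NAME' sections of an ipsec.conf into {name: {key: value}}."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section headers start in column 0
            kind, _, name = line.partition(" ")
            current = conns.setdefault(name.strip(), {}) if kind == "conn" else None
        elif current is not None and "=" in line:
            key, _, value = line.strip().partition("=")
            current[key.strip()] = value.strip()
    return conns

def end_matches(configured, observed):
    """True if a configured left/right fits the observed IP (%any is a wildcard)."""
    if configured == "%any":
        return True
    try:
        return ipaddress.ip_address(configured) == ipaddress.ip_address(observed)
    except ValueError:  # hostnames, %defaultroute etc. are outside this model
        return False

def responder_match(conns, local_ip, peer_ip):
    """Simplified model: conns whose ends fit (our address, packet source address)."""
    hits = []
    for name, c in conns.items():
        left, right = c.get("left", ""), c.get("right", "")
        if (end_matches(left, local_ip) and end_matches(right, peer_ip)) or \
           (end_matches(right, local_ip) and end_matches(left, peer_ip)):
            hits.append(name)
    return hits
```

Calling `responder_match(parse_conns(PC_A_CONF), "90.0.0.9", "90.0.0.3")` returns an empty list, while the un-translated source `192.168.1.150` selects `A_to_B`.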