[Openswan Users] IPsec configuration

Ted Victorio tvan5bee at yahoo.com
Tue Nov 25 19:28:12 EST 2014


Hi Neal,
No joy with 'forceencaps=yes' to either side or both.
I removed DMZ setup for PC B and set router to forward UDP 500 and 4500 for IPsec & NAT-T.
Same ipsec.conf & ipsec.secrets. Again, the link initiates from 90.0.0.9 to 192.168.1.150 fine, but won't initiate in reverse.
Thanks,

Neal Murphy wrote:
> As a guess, add 'forceencaps=yes' to B's config; that should force it to start 
> with NAT traversal.

On Monday, November 24, 2014 01:35:35 AM Ted Victorio wrote:
> Hello gurus,
> 
> My IPsec link (90.0.0.9--192.168.1.150) works fine if PC A initiates "ipsec
> auto --up A_to_B". However, if PC B initiates "ipsec auto --up B_to_A", the
> handshake fails since the router converts main mode 1 from 192.168.1.150
> as if IPsec initiated from 90.0.0.3. Appreciate any suggestion to solve
> this.
>Thank you,
>
>
>
>Notes:
>1) PC B is configured as DMZ behind Trendnet router
>2) nat_traversal=yes for both PC A & PC B
>
>209.0.0.9
>PC A (openswan)
>90.0.0.9
>    |
>    |
>    |
>90.0.0.3
>Trendnet TEW-432BRP ROUTER
>192.168.1.1
>    |
>    |
>    |
>192.168.1.150  #DMZ#
>PC B (openswan)
>
>
>PC A ipsec.conf:
>================
>config setup
>    nat_traversal=yes
>    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
>conn A_to_B
>    type=tunnel
>    authby=secret
>    left=90.0.0.9
>    leftsubnet=209.0.0.0/24
>    leftnexthop=90.0.0.3
>    right=192.168.1.150
>    rightsubnet=192.168.1.150/32
>    auto=add
>
>PC A ipsec.secrets:
>-------------------
>90.0.0.9 192.168.1.150 : PSK "test123"
>
>
>PC B ipsec.conf:
>================
>config setup
>    nat_traversal=yes
>    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
>conn B_to_A
>    type=tunnel
>    authby=secret
>    left=90.0.0.9
>    leftsubnet=209.0.0.0/24
>    right=192.168.1.150
>    rightsubnet=192.168.1.150/32
>    auto=add
>
>PC B ipsec.secrets:
>-------------------
>192.168.1.150 90.0.0.9 : PSK "test123"





