[Openswan Users] IPsec configuration

Ted Victorio tvan5bee at yahoo.com
Wed Nov 26 22:26:59 EST 2014


Bingo, add rightid=192.168.1.150 to both sides and it works like a champ.Thanks a bunch!


  On Tuesday, November 25, 2014 10:35 PM, Nick Howitt <nick at howitts.co.uk> wrote:
  You will probably have to set leftid or rightid to @your_public_ip for your PC B.
 
  Nick
 
 On 26/11/2014 00:28, Ted Victorio wrote:
  
  Hi Neal,
 No joy with 'forceencaps=yes' to either side or both.
 I removed DMZ setup for PC B and set router to forward UDP 500 and 4500 for IPsec & NAT-T.
 Same ipsec.conf & ipsec.secrets. Again, the link initiates from 90.0.0.9-to--192.168.1.150 fine, but won't initiate in reverse.
 Thanks,
 
 Neal Murphy wrote:
 > As a guess, add 'forceencaps=yes' to B's config; that should force it to start 
 > with NAT traversal.
 
 On Monday, November 24, 2014 01:35:35 AM Ted Victorio wrote:
 > Hello gurus,
 > 
 > My IPsec link (90.0.0.9--192.168.1.150) works fine if PC A initiates "ipsec
 > auto --up A_to_B" However, if PC B initiates "ipsec auto --up B_to_A", the
 > handshake fails since the router converts main mode 1 from 192.168.1.150
 > as if IPsec initiated from 90.0.0.3. Appreciate any suggestion to solve this.
 >Thank you,


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20141127/c724f0d9/attachment-0001.html>


More information about the Users mailing list