[Openswan Users] ipsec tunnel doesn't up behined NAT

Patrick Naubert patrickn at xelerance.com
Mon Dec 14 09:01:36 EST 2015


Also rescued from the spam bucket.

From: "haha " <qiluc at qq.com>
Date: December 14, 2015 at 4:47:10 AM EST
To: "users" <users at lists.openswan.org>
Subject: Re: ipsec tunnel doesn't up behined NAT


error outputs:
packet from 172.16.0.164:500: initial Main Mode message received on 192.168.182.103:500 but no connection has been authorized with p
olicy=PSK


------------------ Original ------------------
From:  "haha ";<qiluc at qq.com>;
Date:  Mon, Dec 14, 2015 05:10 PM
To:  "users"<users at lists.openswan.org>;
Subject:  ipsec tunnel doesn't up behined NAT

hi experts,
i setup a ipsec vpn tunnel, it was ok, but after i installed a NAT in between, the tunnel doesn't up again

please see the configruation


---------------------------------------------
<client side>
----------------------------------------------
ipsec.secrets file:
192.168.177.1 192.168.182.103 : PSK "abc"

ipsec.conf file:

version 2.0     

config setup
        plutodebug=all
        plutostderrlog=/var/log/pluto.log
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/16
        oe=off

conn to-103
        authby=secret
        auto=add
        ike=3des-md5

        keyexchange=ike
        phase2=esp
        phase2alg=3des-md5
        compress=no
        pfs=yes
        type=tunnel
        left=192.168.177.1
        leftsubnet=192.168.10.0/24
        right=192.168.182.103
        rightsubnet=192.168.182.0/24


-------------------------------------------------
<server side>
-------------------------------------------------
ipsec.secrets file:
192.168.182.103 192.168.177.1 : PSK "abc"

ipsec.conf file:

version 2.0     

config setup
        plutodebug=all
        plutostderrlog=/var/log/pluto.log
        protostack=netkey
        nat_traversal=yes
        virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/16
        oe=off

conn to-103
        authby=secret
        auto=add
        ike=3des-md5

        keyexchange=ike
        phase2=esp
        phase2alg=3des-md5
        compress=no
        pfs=yes
        type=tunnel
        left=192.168.182.103
        leftsubnet=192.168.182.0/24
        leftnexthop=192.168.182.95
        right=192.168.177.1
        rightsubnet=192.168.10.0/24



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20151214/5f0a54fa/attachment.html>


More information about the Users mailing list