
List:       openswan-users
Subject:    Re: [Openswan Users] Ipsec error : no connection is known
From:       Frédéric_Gonzatti <fred99 () libertysurf ! fr>
Date:       2004-05-31 10:00:10
Message-ID: 40BB022A.4030906 () libertysurf ! fr

Nate Carlson wrote:

>On Sat, 29 May 2004, Frédéric Gonzatti wrote:
>
>>Here is my ipsec.conf file of my Linux gateway:
>
>Looks like you don't have NAT-T enabled - try turning that on. (See below)
>
>>config setup
>>    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
>>    interfaces=%defaultroute
>>    uniqueids=yes
>>    plutodebug=no
>
>Add:
>
>	nat_traversal=yes
>
>>conn roadwarrior
>>    right=%any
>>    left=%defaultroute
>>    leftcert=gandalf.XXX.com.pem
>>    auto=add
>>    pfs=yes
>
>For testing purposes, add:
>
>	rightsubnet=vhost:%no,%all
>
>In the long term (if this works), you'll want to set the virtual_private
>setting, and use that to define what networks roadwarriors can have their
>internal IP in; see the NAT-T docs.
>
>------------------------------------------------------------------------
>| nate carlson | natecars@natecarlson.com | http://www.natecarlson.com |
>|       depriving some poor village of its idiot since 1981            |
>------------------------------------------------------------------------
>
I will try (I think I have to recompile my kernel to include the NAT-T patch).
I will get back to you after doing that.

Thank you

Frederic
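
The settings suggested in this thread, expressed as a configuration check (an added example, not part of the original messages or of Openswan itself). `parse_ipsec_conf` and `audit` are hypothetical helpers, `SAMPLE` is constructed from the quoted ipsec.conf plus the suggested test settings, and `%priv` is the vhost keyword that restricts clients to the networks listed in `virtual_private`; only `rightsubnet` is inspected, as in the thread.

```python
# SAMPLE is constructed: the quoted config with nat_traversal and the test-only vhost line added.
SAMPLE = """\
config setup
    interfaces=%defaultroute
    uniqueids=yes
    nat_traversal=yes

conn roadwarrior
    right=%any
    left=%defaultroute
    leftcert=gandalf.XXX.com.pem
    rightsubnet=vhost:%no,%all
    auto=add
    pfs=yes
"""

def parse_ipsec_conf(text):
    """Return {section: {key: value}}; sections start in column 0, parameters are indented."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():                  # "config setup" / "conn <name>"
            current = sections.setdefault(" ".join(line.split()), {})
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return sections

def audit(text):
    """Return findings for roadwarrior (right=%any) connections."""
    conf = parse_ipsec_conf(text)
    setup = conf.get("config setup", {})
    findings = []
    for name, params in conf.items():
        if not name.startswith("conn ") or params.get("right") != "%any":
            continue
        if setup.get("nat_traversal") != "yes":
            findings.append(f"{name}: nat_traversal is not enabled in config setup")
        subnet = params.get("rightsubnet", "")
        methods = subnet[len("vhost:"):].split(",") if subnet.startswith("vhost:") else []
        if "%all" in methods:
            findings.append(f"{name}: vhost:%all accepts any client address; testing only")
        if "%priv" in methods and "virtual_private" not in setup:
            findings.append(f"{name}: vhost:%priv needs virtual_private in config setup")
    return findings
```

Running `audit(SAMPLE)` reports the `%all` setting; switching it to `%priv` and adding a `virtual_private` line to `config setup` clears the findings.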

