List: openswan-users
Subject: Re: [Openswan Users] Ipsec error : no connection is known
From: Frédéric_Gonzatti <fred99 () libertysurf ! fr>
Date: 2004-05-31 10:00:10
Message-ID: 40BB022A.4030906 () libertysurf ! fr
Nate Carlson wrote:
>On Sat, 29 May 2004, Frédéric Gonzatti wrote:
>
>
>>Here is my ipsec.conf file of my linux gateway :
>>
>>
>
>Looks like you don't have NAT-T enabled - try turning that on. (See below)
>
>
>
>>config setup
>> # Debug-logging controls: "none" for (almost) none, "all" for lots.
>> interfaces=%defaultroute
>> uniqueids=yes
>> plutodebug=no
>>
>>
>
>Add:
>
> nat_traversal=yes
>
>
>
>>conn roadwarrior
>> right=%any
>> left=%defaultroute
>> leftcert=gandalf.XXX.com.pem
>> auto=add
>> pfs=yes
>>
>>
>
>For testing purposes, add:
>
> rightsubnet=vhost:%no,%all
>
>In the long term (if this works), you'll want to set the virtual_private
>setting, and use that to define what networks roadwarriors can have their
>internal IP in; see the NAT-T docs.
>
>------------------------------------------------------------------------
>| nate carlson | natecars@natecarlson.com | http://www.natecarlson.com |
>| depriving some poor village of its idiot since 1981 |
>------------------------------------------------------------------------
>
>
>
I will try (I think I have to recompile my kernel to include the NAT-T patch).
I will get back to you after doing that.
Thank you
Frederic