[prev in list] [next in list] [prev in thread] [next in thread]
List: openswan-users
Subject: [Openswan Users] NAT-T problems
From: kumar nani <kumar_lists () yahoo ! co ! in>
Date: 2005-07-23 6:58:21
Message-ID: 20050723065821.13882.qmail () web8610 ! mail ! in ! yahoo ! com
[Download RAW message or body]
Hi all ,
I am a newbie to the IPSec & i have installed
openswan-2.3.0 on two linux machines.IPSec is working
fine between both of them.But when i am trying to test
NAT-Traversal with openswan-2.3.0 on two linux
machines it is failing.My setup is shown below.
PC1 -- 20.20.20.5 (eth0)
|
|
-- 20.20.20.1 (eth0)
PC-NAT
-- 192.168.1.125 (eth1)
|
|
PC2 -- 192.168.1.124 (eth0)
PC1 & PC2 are linux machines running openswan-2.3.0 in
them and NAT box is also a Linux PC having two
ethernet interfaces eth0 & eth1 having a nat rule as
given below.
iptables -t nat -A POSTROUTING -s 20.20.20.5 -o eth1
-j SNAT --to-source 192.168.1.125
This rule is working fine for ping packets.i.e., PC1
can ping PC2 and vice versa.
ipsec.conf files for both the PC's are given below.
PC1
---
config setup
klipsdebug=none
plutodebug=none
interfaces=ipsec0=eth0
nat_traversal=yes
conn PC1
type=tunnel
left .20.20.5
right2.168.1.124
auth=esp
authby=secret
keyexchange=ike
pfs=yes
autod
PC2
----
config setup
klipsdebug=none
plutodebug=none
interfaces=ipsec0=eth0
nat_traversal=yes
conn PC2
type=tunnel
left2.168.1.124
right .20.20.5
auth=esp
authby=secret
keyexchange=ike
pfs=yes
autod
ipsec.secrets file
------------------
PC1
---
20.20.20.5 192.168.1.124 : PSK "nattraversal"
PC2
---
192.168.1.124 20.20.20.5 : PSK "nattraversal"
-----------
When I am initiating the connection from anyside the
connection is not at all establishing.IKE mainmode
itself is not going.
Can anybody please tell me is there any thing wrong
with my configuration.
Regards
Kumar.
__________________________________________________________
How much free photo storage do you get? Store your friends 'n family snaps for FREE \
with Yahoo! Photos http://in.photos.yahoo.com \
_______________________________________________ Users mailing list
Users@openswan.org
http://lists.openswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic