NAT-T and openswan ?
Hi all,
I'm trying out NAT-T and I'm finding the following problem.
I have a NAT firewall in between my VPN gateway [1] and another VPN endpoint
box [2] (specifically an IPCop 1.3.0 box - it is such a box for ease of
configuration at the remote end by the remote people).
+-----+                +-----------+                +-----+
|  1  | <- switch --   | Firewall  |   --switch->   |  2  |
+-----+                +-----------+                +-----+
<-10.0.3.1
     10.0.2.2->      <-10.0.2.1
                            NAT
                           10.0.0.2->            <-10.0.0.3
                                                      10.0.1.1->
Machine 1 is nat'd, while 2 is not (2 is simulating a remote end point).
Machine 1 is running a 2.6 kernel with OpenSWan 2.1.5, machine 2 is
running IPCop 1.3.0 with SuperFreeSwan 1.99_kb2c.
What I'm seeing in terms of packet flow is they try to negotiate an SA,
but get a no-proposal-chosen response from the remote end.
The configs that I have for them are:

config setup
    interfaces="..."
    nat_traversal=yes
    virtual_private=vnet:%all

conn %default
    keyingtries=0

conn test
    authby=secret
    left=10.0.2.2
    leftnexthop=%direct
    compress=no
    leftsubnet=10.0.3.0/24
    right=10.0.0.3
    rightsubnet=10.0.1.0/24
    rightnexthop=%direct
    auto=start

Any help is appreciated. Cheers,
Dave
--
Dave Harrison, Systems Administrator, Sensory Networks
email: David.Harrison@sensorynetworks.com
phone: [W] +61-2-8302-2700
fingerprint: E29F 2D6A FA27 5B0B B429 F8D3 5318 22D6 E775 2241