From: GentooRulez (paranoiac_user_at_freenet.de)
Date: Fri Aug 09 2002 - 07:04:25 CDT

    Hi list,

    I googled and RTFM+FAQ on freeswan.org for some hours but cannot
    find a solution for the example

    192.168.1.0/24 as Subnet1 -->
    192.168.1.1 : 10.10.10.1 as FreeS/Wan Router 1-->
    192.168.10.11 : ext.ip.addr.no1 as external router does nat -->
    INTERNET

    INTERNET <-- ext.ip.addr.no2 : 192.168.2.1 : as FreeS/Wan Router 2
    192.168.2.0/24 as Subnet 2

    The error is always the same:

    packet from ext.ip.addr.no1:xxx: initial Main Mode message received on
    ext.ip.addr.no2:500 but no connection has been authorized

    I think the problem is the router that does NAT, because FreeS/Wan Router 1
    has a private IP that is not routable.

    ipsec.conf on FreeS/Wan Router 1

    conn snt
               left=10.10.10.1
               leftsubnet=192.168.1.0/24
               leftnexthop=192.168.10.11
               leftrsasigkey=xxx
               leftfirewall=yes

               right=ext.ip.addr.no2
               rightsubnet=192.168.2.0/24
               rightnexthop=
               rightrsasigkey=xxx

               auto=start

    ipsec.conf on FreeS/Wan Router 2

    conn snt
               left=10.10.10.1
               leftsubnet=192.168.1.0/24
               leftnexthop=192.168.10.11
               leftrsasigkey=xxx
               leftfirewall=yes

               right=ext.ip.addr.no2
               rightsubnet=192.168.2.0/24
               rightnexthop=
               rightrsasigkey=xxx

               auto=add

    In the FAQ I read that this error only occurs if left/right or
    leftsubnet/rightsubnet differ, but they don't.

    ????

    Michael
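
Added example, not part of the original post and not FreeS/WAN code: a small script that runs the FAQ check mentioned above (endpoints and subnets identical on both gateways) and also compares the peer address from the Pluto log line with the configured `left`/`right`, which is what the NAT suspicion in the post is about. The addresses 203.0.113.1 and 198.51.100.2 and the source port are constructed stand-ins for the redacted values; the function names are hypothetical.

```python
import re

# Constructed stand-ins for the post's redacted addresses (RFC 5737 ranges):
# 203.0.113.1 = ext.ip.addr.no1, 198.51.100.2 = ext.ip.addr.no2
ROUTER1 = """\
conn snt
    left=10.10.10.1
    leftsubnet=192.168.1.0/24
    leftnexthop=192.168.10.11
    right=198.51.100.2
    rightsubnet=192.168.2.0/24
    auto=start
"""
# As in the post, Router 2 carries the same section with auto=add.
ROUTER2 = ROUTER1.replace("auto=start", "auto=add")
# Constructed log line in the shape quoted in the post.
LOG = ("packet from 203.0.113.1:500: initial Main Mode message received on "
       "198.51.100.2:500 but no connection has been authorized")

def parse_conn(text, name):
    """Return the key=value pairs of one 'conn <name>' section."""
    params, inside = {}, False
    for line in text.splitlines():
        if not line.strip() or line.strip().startswith("#"):
            continue
        if not line[0].isspace():          # section header, e.g. "conn snt"
            inside = line.split() == ["conn", name]
        elif inside and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key] = value
    return params

def faq_mismatches(a, b):
    """Keys the FAQ names (endpoints and subnets) whose values differ."""
    keys = ("left", "right", "leftsubnet", "rightsubnet")
    return [k for k in keys if a.get(k) != b.get(k)]

def peer_vs_config(log_line, conn):
    """Source address Pluto logged, and whether it equals left or right."""
    m = re.search(r"packet from ([^:\s]+):\S+ initial Main Mode", log_line)
    src = m.group(1)
    return src, src in (conn.get("left"), conn.get("right"))

if __name__ == "__main__":
    r1, r2 = parse_conn(ROUTER1, "snt"), parse_conn(ROUTER2, "snt")
    print("FAQ mismatches:", faq_mismatches(r1, r2))
    print("logged peer, matches left/right:", peer_vs_config(LOG, r2))
```

With the configuration as posted, the FAQ comparison finds no differences, while the address the responder sees in the log is neither `left` nor `right`.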
