IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

[Users] Why does FreeSwan care about NAT? Was: Re: a "no suitable connection for peer" error

From: Maurice Volaski (mvolaski_at_aecom.yu.edu)
Date: Fri Apr 26 2002 - 16:51:19 CEST

> > home computer (Mac with PGPNet 6.5.8) with IP 192.168.1.100 connects
>> to a LinkSys DSL router and appears on Internet with a DHCP-assigned
>> Verizon IP address, 141.155.187.188
>>
>> freeswan computer which is directly on the Internet with IP
>> 129.98.91.147 to ultimately to connect to some computer in a
>> 129.98.x.x subnet.
>....
>> Apr 25 18:26:24 kennedy Pluto[9424]: "rw" 141.155.187.188 #1: no
>> suitable connection for peer '192.168.1.100'
>>
>>
>> The ipsec.conf is as follows..
>...
>> conn %default
>> keyingtries=1
>> authby=secret
>> left=%defaultroute
>> conn rw
>> right=%any
>> auto=add
>>
>> ipsec.secrets..
>> 129.98.91.147 %any: "my very secret secret"
>
>I have experimented with a similar configuration.
>NAT is the problem. I gave up.
>Experiments with the x509 patch look very promising:
>Got as far as "SA established"

I would think there are MANY people with NAT at home now, so it
strikes me as odd that FreeSwan doesn't work with this. Why should it
care anyway? Isn't supposed to accept any address on the right side?
How would x509 even be relevant? 

-- 

Maurice Volaski, mvolaski_at_aecom.yu.edu
Computing Support, Rose F. Kennedy Center
Albert Einstein College of Medicine of Yeshiva University
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:56 CEST