I have a machine running with freeswan and can get into it no problem with a
routable IP, but not when the roadwarrior is behind a firewall with an RFC 1918
IP. I have NAT-T checked for sentinel. Is it possible to get it to work
behind a firewall? The remote laptop has win2k in a 192.168.1.0/24 network.

# Sentinel Roadwarrior VPN connection
conn sentinel-vpn
    left=A.B.C.D
    leftnexthop=A.B.C.D+1
    leftsubnet=192.168.0.0/24
    right=%any
    rightsubnet=
    rightnexthop=
    keyexchange=ike
    keylife=8h
    keyingtries=0
    pfs=yes
    authby=secret
    auto=add

ERRORS:
Apr 30 13:08:54 ivan Pluto[20197]: packet from E.F.G.H:500: ignoring Vendor ID payload
Apr 30 13:08:54 ivan Pluto[20197]: "sentinel-vpn" E.F.G.H #258: responding to Main Mode from unknown peer E.F.G.H
Apr 30 13:08:54 ivan Pluto[20197]: "sentinel-vpn" E.F.G.H #258: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 30 13:08:54 ivan Pluto[20197]: "sentinel-vpn" E.F.G.H #258: no suitable connection for peer '192.168.1.230'
Apr 30 13:09:25 ivan Pluto[20197]: ERROR: asynchronous network error report on eth0 for message to E.F.G.H port 500, complainant E.F.G.H: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Apr 30 13:10:04 ivan Pluto[20197]: "sentinel-vpn" E.F.G.H #258: max number of retransmissions (2) reached STATE_MAIN_R2
Apr 30 13:10:04 ivan Pluto[20197]: "sentinel-vpn" E.F.G.H: deleting connection "sentinel-vpn" instance with peer E.F.G.H

Best regards,
Andrew Judge
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:57 CEST