
RE: [Users] WLAN with the roadwarriors

From: Andreas Steffen (andreas.steffen_at_strongsec.net)
Date: Fri Jun 21 2002 - 15:59:28 CEST


If a peer is behind a NAT-box then the original IP address
behind the NAT-box becomes a client subnet in the
connection definition in ipsec.conf. Example:

Subnet    === FreeS/WAN ---- NAT-Box -- VPN Client
x.x.x.x/y     z.z.z.z        a.a.a.a    b.b.b.b

conn nat-client
        right=a.a.a.a
        rightsubnet=b.b.b.b/32
        left=z.z.z.z
        leftsubnet=x.x.x.x/y

If I've got it correctly, in your case this would be

conn nat-client
        right=212.144.154.91
        rightsubnet=b.b.b.b/32
        left=192.168.123.151/32
        leftsubnet=192.168.100.0/24

This is actually the connection definition FreeS/WAN is desperately
looking for:

> cannot respond to IPsec SA request because no connection is known for
> 192.168.100.0/24===217.110.29.82[...]...212.144.154.91[...]===
> 192.168.123.151/32

Regards

Andreas

======================================================================
Andreas Steffen e-mail: andreas.steffen_at_zhwin.ch
Zuercher Hochschule Winterthur home: http://www.zhwin.ch/~sna/
CH-8401 Winterthur (Switzerland) phone: +41 76 340 25 56
===============================================================[ZHW]==

> -----Original Message-----
> From: users-admin_at_lists.freeswan.org
> [mailto:users-admin_at_lists.freeswan.org]On Behalf Of Harry Brueckner
> Sent: Friday, 21 June 2002 14:00
> To: tjoen
> Cc: users_at_lists.freeswan.org
> Subject: Re: [Users] WLAN with the roadwarriors
>
>
> Hi,
>
> tjoen wrote:
> >>I have a FreeSWAN system (with the x509 patch) up and running which
> >>works fine for a network layout like this:
> >
> >
> >>Roadwarrior <-1-> WLAN-Router <-2-> Internet <-3-> FreeSWAN GW
> >>(WLAN)
> >>
> >>1: NAT
> >>2: Official IP address
> >>3: Official IP address
> >
> >
> > I had this working with a normal (non-WLAN) router.
> >
> >
> >>cannot respond to IPsec SA request because no connection is known for
> >>192.168.100.0/24===217.110.29.82[...]...212.144.154.91[...]===
> >>192.168.123.151/32
> >
> > Is the connection defined in ipsec.conf?
>
> The connection on the FreeSWAN side is well defined and works as long as
> the roadwarrior connects directly to the internet without NAT.
>
> For the roadwarrior side I have nothing special defined about the IP
> address.
>
> My version of FreeSWAN is 1.96 btw.
>
> --
>
> Harry Brückner
> Systemadministration
>
> orange digital GmbH
>
> fon 49 89 660 29 12 - 0
> fax 49 89 660 29 12 - 99
> mail harry.brueckner_at_orange-digital.de
> web http://www.orange-digital.de
>
> Goethestraße 34.1 - 80336 München - Germany
>
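
Added example (not part of the original mail, and not FreeS/WAN code): this Python example parses the Pluto error quoted in the thread, lays its four fields out in the general `conn` template given in the reply, and flags a peer that offers a private /32 client from a different public address. It assumes the first side of the log line is the gateway (`left`) and the second is the peer (`right`), as in this thread; the function names are hypothetical.

```python
import ipaddress
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
NET = IP + r"/\d{1,2}"
# Layout as seen in this thread's log: [subnet===]host[id]...host[id][===subnet]
# Assumption: the first host is the gateway itself, the second is the peer.
SA_RE = re.compile(
    r"no connection is known for\s+"
    rf"(?:(?P<leftsubnet>{NET})\s*===\s*)?(?P<left>{IP})(?:\[[^\]]*\])?"
    r"\.\.\."
    rf"(?P<right>{IP})(?:\[[^\]]*\])?(?:\s*===\s*(?P<rightsubnet>{NET}))?"
)

def parse_rejected_sa(text):
    """Return the left/right/subnet fields Pluto searched for, or None."""
    # Undo mail wrapping: drop '>' quote markers and join the lines.
    flat = " ".join(line.lstrip("> ").strip() for line in text.splitlines())
    m = SA_RE.search(flat)
    return {k: v for k, v in m.groupdict().items() if v} if m else None

def peer_is_natted(sa):
    """True when the peer's client is a private /32 that is not the peer's own address."""
    sub = sa.get("rightsubnet")
    if not sub:
        return False
    net = ipaddress.ip_network(sub, strict=False)
    return (net.prefixlen == 32 and net.is_private
            and net.network_address != ipaddress.ip_address(sa["right"]))

def conn_stanza(sa, name="nat-client"):
    """Render the parsed fields as an ipsec.conf conn section."""
    keys = ("left", "leftsubnet", "right", "rightsubnet")
    body = "".join(f"        {k}={sa[k]}\n" for k in keys if k in sa)
    return f"conn {name}\n{body}"

# Sample input: the error quoted in this thread, wrapped as it appears in the mail.
SAMPLE = """\
> cannot respond to IPsec SA request because no connection is known for
> 192.168.100.0/24===217.110.29.82[...]...212.144.154.91[...]===
> 192.168.123.151/32
"""

if __name__ == "__main__":
    sa = parse_rejected_sa(SAMPLE)
    print(conn_stanza(sa))
    print("# peer behind NAT:", peer_is_natted(sa))
```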




This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:16 CEST