Mailinglist Archive: opensuse-security (409 mails)

FreeS/wan through NATing Router
Hi list,

I googled and rtfm+faq on freeswan.org for some hours but cannot
find a solution for the example

192.168.1.0/24 as Subnet1 -->
192.168.1.1 : 10.10.10.1 as FreeS/Wan Router 1-->
192.168.10.11 : ext.ip.addr.no1 as external router does nat -->
INTERNET

INTERNET <-- ext.ip.addr.no2 : 192.168.2.1 : as FreeS/Wan Router 2
192.168.2.0/24 as Subnet 2

The error is always the same:

packet from ext.ip.addr.no1:xxx: initial Main Mode message received on
ext.ip.addr.no2:500 but no connection has been authorized

I think the problem is the router that does NAT, because FreeS/Wan Router 1
has a private IP that is not routable.

ipsec.conf on freeS/Wan Router 1

conn snt
left=10.10.10.1
leftsubnet=192.168.1.0/24
leftnexthop=192.168.10.11
leftrsasigkey=xxx
leftfirewall=yes

right=ext.ip.adrr.no2
rightsubnet=192.168.2.0/24
rightnexthop=
rightrsasigkey=xxx

auto=start

ipsec.conf on freeS/Wan Router 2

conn snt
left=10.10.10.1
leftsubnet=192.168.1.0/24
leftnexthop=192.168.10.11
leftrsasigkey=xxx
leftfirewall=yes

right=ext.ip.adrr.no2
rightsubnet=192.168.2.0/24
rightnexthop=
rightrsasigkey=xxx

auto=add

In the FAQ I read that this error only occurs if left/right or
leftsubnet/rightsubnet differ, but they don't.

????

Michael
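
Added example, not part of the original post and not FreeS/WAN code: a simplified model of the responder-side lookup behind the quoted error, which picks a conn by the address the packet arrived on and the source address it came from. The addresses 203.0.113.1 and 198.51.100.2 are constructed stand-ins for ext.ip.addr.no1 and ext.ip.addr.no2, and `parse_conns` / `authorized_conns` are hypothetical helper names.

```python
# Simplified model of choosing a conn for an initial Main Mode packet.
# NOT Pluto's code; helper names and sample addresses are assumptions.
import ipaddress

NAT_PUBLIC = "203.0.113.1"   # constructed stand-in for ext.ip.addr.no1
ROUTER2 = "198.51.100.2"     # constructed stand-in for ext.ip.addr.no2

# Constructed sample: the conn posted for Router 2, with the stand-in address.
CONF_ROUTER2 = """\
conn snt
    left=10.10.10.1
    leftsubnet=192.168.1.0/24
    right=198.51.100.2
    rightsubnet=192.168.2.0/24
    auto=add
"""

def parse_conns(text):
    """Parse 'conn NAME' sections made of key=value lines into dicts."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("conn "):
            current = conns.setdefault(line.split(None, 1)[1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def authorized_conns(conns, local_ip, peer_ip):
    """Names of conns whose left/right pair equals (local, peer), either order."""
    want = {ipaddress.ip_address(local_ip), ipaddress.ip_address(peer_ip)}
    hits = []
    for name, c in conns.items():
        try:
            ends = {ipaddress.ip_address(c["left"]), ipaddress.ip_address(c["right"])}
        except (KeyError, ValueError):
            continue  # missing or non-literal endpoint (e.g. %any): not modelled
        if ends == want:
            hits.append(name)
    return hits

if __name__ == "__main__":
    conns = parse_conns(CONF_ROUTER2)
    print("source as seen after NAT:", authorized_conns(conns, ROUTER2, NAT_PUBLIC))
    print("source as configured:   ", authorized_conns(conns, ROUTER2, "10.10.10.1"))
```

With the NAT router's public address as the packet source, the lookup returns no conn, which corresponds to the "no connection has been authorized" log line; with 10.10.10.1 as the source it returns `snt`.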

