[strongSwan] Fwd: (VPNServer == <NAT> === router ==== internet === VPN Client ) getting failed / not able to establish the connection.
ramakanth varala
ramakanth.varala at gmail.com
Tue Dec 4 19:53:16 CET 2012
Hello all,
I am a bit new to IPSec VPN and trying to figure out how I can run this
VPNServer on my dual core board.
The first board is ARM with 10.10.16.8 (WAN) as its interface; the second
interface on the same board is 192.168.1.1.
The second board is ATOM, running on 192.168.1.254.
I am running the VPN server on the ATOM and have kept a DNAT on the ARM using
iptables rules to forward all packets for 10.10.16.8:500 and 10.10.16.8:4500 to
192.168.1.254:500 and 192.168.1.254:4500.
Here is a typical block diagram with IPs.
Here all IPs can ping each other.
router (10.90.200.1) ======= dual core board ( Wan board 10.10.15.8 | Lan board 192.168.1.254)
||
||=============== LAN PC (10.90.200.2)
My ipsec.conf is like below:
# cat /var/etc/ipsec/ipsec.conf
config setup
    charonstart=no
    plutodebug=all
    plutostderrlog=/var/pluto.txt
    nat_traversal=yes

conn %default
    ikelifetime=10m
    keylife=10m
    rekeymargin=500s
    rekeyfuzz=0%
    keyingtries=1
    keyexchange=ikev1

conn host-host
    right=10.90.200.2
    xauth=server
    left=%defaultroute
    leftid=10.10.15.8
    leftsubnet=192.168.1.1/24
    forceencaps=yes
    leftfirewall=yes
    rightsourceip=10.90.200.1/24
    auto=add
    modeconfig=push
    authby=xauthpsk
The error I see in /var/pluto.txt is like below when I initiate a
connection from the remote IPSec client at the LAN PC:
| peer: 0a 5a c8 02
| state hash entry 27
| state object not found
packet from 10.90.200.2:4500: Quick Mode message is for a non-existent (expired?
| next event EVENT_REINIT_SECRET in 3397 seconds
Can you please guide me on where I am going wrong?
Your help would be highly appreciated.
--RamaKanth