[strongSwan] net-net psk - behind Nat

Leandro . frr8rrf at gmail.com
Sun Mar 11 04:39:13 CET 2012


Hi, I was trying to configure my VPN using certs but I gave up for a while.
In my test environment I changed the config to PSK and it did work.
But in my test, the external interface has the external IP, and there is
no problem.

For my project, I need these machines connecting from behind a NAT - there
is a DSL box in front.

I put the following in ipsec.conf, and made rules in the ADSL modem to
redirect UDP/500 to the Linux gateway - I did this on both sides.

conn net-net
        left=<my external IP>
        leftsubnet=10.0.0.0/8
        leftid=@gwlinux-vm
        leftfirewall=yes
        right=<Remote external IP>
        rightsubnet=172.16.0.0/16
        rightid=@gwlinux
        auto=add


but it didn't work.

gwlinux-vm:/etc/init.d # ipsec up net-net
initiating IKE_SA net-net[1] to <remote ip>
generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]
sending packet: from <my ip>[500] to <remote ip>[500]
retransmit 1 of request with message ID 0
sending packet: from <my ip>[500] to <remote ip>[500]
retransmit 2 of request with message ID 0
sending packet: from <my ip>[500] to <remote ip>[500]
retransmit 3 of request with message ID 0
sending packet: from <my ip>[500] to <remote ip>[500]
retransmit 4 of request with message ID 0
sending packet: from <my ip>[500] to <remote ip>[500]
retransmit 5 of request with message ID 0
sending packet: from <my ip>[500] to <remote ip>[500]
giving up after 5 retransmits
establishing IKE_SA failed, peer not responding


Is there something else?
-- 
*Jefferson Leandro*
*Curitiba - BR*
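
Added example, not part of the original post and not strongSwan code: a small triage of the `ipsec up` transcript above that reports which IKE exchange stalled, on which UDP port, and whether any reply was ever received. The function names are hypothetical, and the addresses in the sample stand in for the redacted ones in the post.

```python
import re

# Transcript from the post; addresses are constructed (RFC 5737 ranges).
SEND = "sending packet: from 192.0.2.10[500] to 198.51.100.20[500]\n"
SAMPLE = (
    "initiating IKE_SA net-net[1] to 198.51.100.20\n"
    "generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]\n"
    + SEND
    + "".join(f"retransmit {i} of request with message ID 0\n" + SEND
              for i in range(1, 6))
    + "giving up after 5 retransmits\n"
    "establishing IKE_SA failed, peer not responding\n"
)

GEN = re.compile(r"generating (\S+) request (\d+) \[(.*)\]")
SENT = re.compile(r"sending packet: from \S+\[(\d+)\] to \S+\[(\d+)\]")
RETX = re.compile(r"retransmit (\d+) of request with message ID (\d+)")

def triage(log):
    """Summarise one initiator attempt from charon's console output."""
    s = {"exchange": None, "natd_offered": False, "dst_port": None,
         "received": 0, "retransmits": 0, "gave_up": False}
    for line in map(str.strip, log.splitlines()):
        if m := GEN.match(line):
            s["exchange"] = m.group(1)  # last request built is the one that stalls
            s["natd_offered"] |= ("NATD_S_IP" in m.group(3)
                                  and "NATD_D_IP" in m.group(3))
        elif m := SENT.match(line):
            s["dst_port"] = int(m.group(2))
        elif m := RETX.match(line):
            s["retransmits"] = max(s["retransmits"], int(m.group(1)))
        elif line.startswith("received packet:"):
            s["received"] += 1
        elif line.startswith("giving up after"):
            s["gave_up"] = True
    return s

def verdict(s):
    if not s["gave_up"]:
        return "inconclusive"
    if s["received"] == 0:
        # Not one inbound IKE packet: the request or its reply is lost on the
        # path for this port, before any PSK or identity check takes place.
        return f"no reply to {s['exchange']} on UDP/{s['dst_port']}"
    # A reply arrived earlier, so that leg works and the stall is on a later
    # exchange. After NAT detection IKEv2 continues on UDP/4500 (RFC 7296, 2.23).
    return f"{s['exchange']} stalled on UDP/{s['dst_port']} after earlier replies"

if __name__ == "__main__":
    print(verdict(triage(SAMPLE)))
```

For the transcript in the post the result is a stall on the very first IKE_SA_INIT request with nothing received, which places the failure on the UDP/500 path between the two gateways rather than in the PSK or ID settings.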