I'm currently using ASL 4.017 and SSH Sentinel 1.4.1 (build 98) in a host-to-net-scenario, following the description in X509_Host_to_Net.pdf.
Because my Client is NATèd by a DSl-Router i enabled NAT-T on both Sentinel and ASL. IPsec-Passthrough on my DSL-router is disabled.
Here my configuration in detail:
Sentinel client--- DSL-Router (doing NAT) --- ASL --- internal network
Client-IP: 192.168.10.101
DSL-Router external IP: 217.x.x.x
ASL-external IP: 217.y.y.y
internal network: 192.168.1.0
I assigned on the ASL a virtual IP for my connection: 192.168.2.12
and on the client-side in Sentinel a enabled "Aquire virtual Ip-address" and entered manually the same IP as above and as netmask 255.255.255.0.
When i try to connect my livelog prints (after correctly detecting NAT and mapping from UDP 500 to 4500):
* cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===217.y.y.y:4500 [@217.y.y.y]...217.x.x.x:4500 [user@nospam.com]===192.168.2.12/32
I never assigned a netmask of /32 for the virtual IP!
On the ASL i found no possibility at all to define a netmask for a virtual IP and in Sentinel i defined /24. Is it a bug?
Do i have to edit ipsec.conf manually to correct the wrong netmask? Or is there a different reason for the failing vpn-connection?
Thanks in advance,
Sam
This thread was automatically locked due to age.
