I'm currently testing Astaro ASL to make a VPN Gateway.
I've got a problem with roadwarriors.
They work when not nated (POTS access), but they don't when nated (GPRS Access) in both L2TP and plain IPSEC.
The error is :
2005:07:22-10:11:35 (none) pluto[28176]: "D_Test_UXVPN_IPSEC_0"[8] 194.51.100.246 #11: cannot respond to IPsec SA request because no connection is known for 3.0.0.0/8===84.101.x.x[C=FR, ST=xxx, L=Vxxxx, O=Exxxxx, OU=Inxxxxxx, CN=uxvpn, E=root@localhost]...194.51.x.x[C=FR, ST=xxx, L=Vxxxx, O=Exxxxx, OU=Ixxxxxxx, CN=groxxxxx, E=groxxxxx@mydomain.fr]===10.15.x.x/32
Is it a known issue ? Is there a solution?
Other thing.
I've got the same problem (and error) when in plain ipsec with NCP client for example, when i don't use "local ip" but 'manual ip'.
Info :
All of this work with openswan, kernel 2.6 and ipsec native on a Mandriva distrib. But I'd like to make Astaro working because i'm interested by some features attributing an address pool depending on the distinguish name of the x509 cert.
Thanks.
This thread was automatically locked due to age.
