[Vpn-help] No IPSEC SA after ISAKMP

David Santinoli marauder at tiscali.it
Fri Oct 19 05:40:16 CDT 2007


On Thu, Oct 18, 2007 at 08:04:02PM -0500, Matthew Grooms wrote:
> >
> >Note, however, this line in the Pluto log:
> >Oct 17 11:37:06 gw pluto[31249]: "rw2"[1] PEER_IP #1: NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation
> >
> >Can this be the showstopper?  (From what I found on the net, this
> >message seems to indicate that the client didn't send the hashes of
> >the IP addresses which are required to find out which side is
> >NAT-ed.)
> 
> I looked at this and it was yet another regression that crept into the
> 2.1 branch. I back-ported the fix for loading password protected pem 
> files into a 2.0.2 branch which I would like to release very soon. If 
> you could test it and let me know how things work out for you I would 
> greatly appreciate it.

Hi Matthew,
  I've just done a test run with the 2.0.2 client, but the
"NAT-Traversal: Only 0 NAT-D - Aborting NAT-Traversal negociation"
message still shows up in the Pluto log, and the IPSEC SA does not get
established.  The situation looks the same as before, including that
trivial Client Netmask vanishing bug.
And yes, I'm sure I'm using the new 2.0.2. :-)

Unrelated to this, I would like to ask two questions:

- Will the Windows client ever be released as open source?

- I think it would be nice to include the certificates and the private
  key in the configuration file (the client by TheGreenBow does so),
  as this would greatly ease the configuration by the end-user.
  Any plans for developing such a feature?

Many thanks,
 David
-- 
 David Santinoli
 Tieffe Sistemi S.r.l.                      viale Piceno 21, Milano
 www.tieffesistemi.com                         tel. +39 02 45490882
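
Added example, not part of the original message and not code from Pluto or the client: a sketch of the NAT-D hashes discussed above, computed as RFC 3947 defines them (HASH(CKY-I | CKY-R | IP | Port), remote end first), and of the responder-side comparison. The function names, cookies and addresses are constructed, and the abort on fewer than two payloads is an assumption modelled on the quoted log line.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 NAT-D body: HASH(CKY-I | CKY-R | IP | Port)."""
    addr = ipaddress.ip_address(ip).packed
    data = cky_i + cky_r + addr + struct.pack("!H", port)
    return hashlib.new(algo, data).digest()

def initiator_nat_d(cky_i, cky_r, local, remote):
    """NAT-D payloads as sent: remote (destination) end first, then local end."""
    return [nat_d_hash(cky_i, cky_r, *remote), nat_d_hash(cky_i, cky_r, *local)]

def responder_check(cky_i, cky_r, payloads, seen_src, seen_dst):
    """Classify the path from the NAT-D payloads and the packet's real addresses."""
    if len(payloads) < 2:
        # Assumption: mirrors the abort in the Pluto log line quoted above.
        return "abort: only %d NAT-D" % len(payloads)
    me_natted = payloads[0] != nat_d_hash(cky_i, cky_r, *seen_dst)
    expected_src = nat_d_hash(cky_i, cky_r, *seen_src)
    peer_natted = all(p != expected_src for p in payloads[1:])
    if me_natted and peer_natted:
        return "both behind NAT"
    if peer_natted:
        return "peer behind NAT"
    if me_natted:
        return "local behind NAT"
    return "no NAT"

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I = bytes.fromhex("0102030405060708")
CKY_R = bytes.fromhex("1112131415161718")
CLIENT = ("192.168.1.10", 500)      # client's own view of its address
NAT_PUBLIC = ("203.0.113.7", 1024)  # what the gateway sees after NAT
GATEWAY = ("198.51.100.1", 500)

if __name__ == "__main__":
    sent = initiator_nat_d(CKY_I, CKY_R, CLIENT, GATEWAY)
    print(responder_check(CKY_I, CKY_R, sent, CLIENT, GATEWAY))
    print(responder_check(CKY_I, CKY_R, sent, NAT_PUBLIC, GATEWAY))
    print(responder_check(CKY_I, CKY_R, [], NAT_PUBLIC, GATEWAY))
```

The third call reproduces the situation in the thread: with no NAT-D payloads there is nothing to compare, so NAT detection cannot proceed.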


