Hello all,
I have a Phoenix Contact GSM modem that I've been trying to configure as a VPN server. The device is a Linux box running strongSwan, and because of the web interface I have very limited control over the configuration. I've been trying to connect to it without luck. It gets through the Phase 1 authentication and then fails at Phase 2. The problem seems to be a NAT problem (where I don't know), as here is the relevant error from the log (IPs replaced):

    Oct 11 11:30:12 pluto[1405]: "vpn1"[2] [office_ip]:4500 #1: cannot respond to IPsec SA request because no connection is known for 192.168.9.0/24===[modem_ip]:4500...[office_ip]:4500[192.168.0.15]===192.168.0.240/32

Here's what I can tell you:

PSK for auth, not using certs

On the GSM modem:
    Internal IP address: 192.168.0.1
    External IP address: [modem_ip]
    (on the VPN settings page):
    "Address Remote Network": 192.168.9.0/24
    "Address Local Network": 192.168.0.0/24
    Local 1:1 NAT is unchecked

Office's setup:
    Our router address: 192.168.0.1
    External IP address: [office_ip]
    My computer's IP address: 192.168.0.15

VPN client setup (GreenBow, tried Windows' built-in functionality first):
    VPN client address: 192.168.0.240
    Address type: subnet address
    Remote LAN address: 192.168.9.0
    Subnet mask: 255.255.255.0

The GreenBow client told me "Wrong Remote Address", and when I try to connect with Windows it tells me "Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer." and the modem's log shows:

    Feb 20 13:08:43 pluto[1162]: "vpn1"[2] [office_ip]:58385 #1: cannot respond to IPsec SA request because no connection is known for [modem_ip]:4500:17/1701...[office_ip]:58385[192.168.0.15]:17/1701===192.168.0.15/32

In Windows, I have the VPN connection's security set to L2TP/IPSec with the PSK in place in the advanced settings, everything else left as default.

Any help would be greatly appreciated.

I've tried so many different combinations in all the fields with IP addresses without any luck. Is this a problem with my office's router, the GSM router, or what? It's got to be some sort of NAT problem.

Regards,

Jacob Abel
Project Engineer
Accuflow, Inc.
4801 District Blvd.
Bakersfield, CA 93313
<http://www.accuflow.com/> www.accuflow.com
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
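
An added example, not part of the original post and not strongSwan code: it pulls the two subnets out of a pluto "no connection is known for" line and compares them with the responder's configured local and remote networks. The line layout (the logging device's own side before "...", the peer's side after it) and all function names are assumptions read off the two log lines quoted in the post.

```python
import ipaddress

MARKER = "no connection is known for "

def parse_selectors(log_line):
    """Return (own_side_subnet, peer_side_subnet) from a rejected Phase 2 proposal.

    Assumed layout after MARKER: [subnet===]host...host[id][===subnet].
    A side that carries no subnet yields None.
    """
    spec = log_line.split(MARKER, 1)[1].strip()
    own, peer = spec.split("...", 1)
    own_net = own.split("===", 1)[0] if "===" in own else None
    peer_net = peer.rsplit("===", 1)[1] if "===" in peer else None
    return own_net, peer_net

def relation(proposed, configured):
    """Classify a proposed subnet against the configured one."""
    if proposed is None:
        return "none proposed"
    p = ipaddress.ip_network(proposed)
    c = ipaddress.ip_network(configured)
    if p == c:
        return "match"
    return "narrower" if p.subnet_of(c) else "outside"

def diagnose(log_line, local_net, remote_net):
    """Compare the proposal in log_line with the responder's configured subnets."""
    own_net, peer_net = parse_selectors(log_line)
    return {
        "local": (own_net, relation(own_net, local_net)),
        "remote": (peer_net, relation(peer_net, remote_net)),
    }

# Log lines from the post (timestamps dropped, line-wrap space removed).
GREENBOW = ('pluto[1405]: "vpn1"[2] [office_ip]:4500 #1: cannot respond to IPsec SA '
            'request because no connection is known for 192.168.9.0/24===[modem_ip]:4500'
            '...[office_ip]:4500[192.168.0.15]===192.168.0.240/32')
WINDOWS = ('pluto[1162]: "vpn1"[2] [office_ip]:58385 #1: cannot respond to IPsec SA '
           'request because no connection is known for [modem_ip]:4500:17/1701'
           '...[office_ip]:58385[192.168.0.15]:17/1701===192.168.0.15/32')

if __name__ == "__main__":
    # Modem settings page in the post: local 192.168.0.0/24, remote 192.168.9.0/24.
    for name, line in (("GreenBow", GREENBOW), ("Windows L2TP", WINDOWS)):
        print(name, diagnose(line, "192.168.0.0/24", "192.168.9.0/24"))
```

Under that assumed layout, the GreenBow proposal names 192.168.9.0/24 on the modem's side, while the modem's settings page lists 192.168.0.0/24 as its local network; the Windows proposal carries no subnet on the modem's side at all.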
