Thank you Matthew. It fixed our problem. Regards, Murat
On Mon, Apr 19, 2010 at 10:26 PM, Matthew Grooms <[email protected]> wrote: > On 4/6/2010 8:31 PM, Murat Sezgin wrote: >> >> Hi, >> >> I am using your shrewsoft VPN client 2.15 version on my windows (vista / >> 7) machines to connect to a VPN router which is running >> openswan.2.6.24.rc4. The first phase ISAKMP is established successfully. >> After this phase on the shrewsoft client it shows that connection is >> established. But on the openswan side, it is waiting for the pahse 2 >> (IPSec SA). And I see the below error repeatedly. Shrewsoft is behind a >> NAT router and the subnet is 192.168.3.0/24 <http://192.168.3.0/24>. The >> VPN router's local net is 192.168.0.0/24 <http://192.168.0.0/24> and WAN >> IP is 192.168.5.112. The NAT router's WAN IP is 192.168.5.114 and >> connected to the VPN router's WAN port. >> >> I am not using the certification authentication, I am using PSK. What >> can cause this error? I searched on your support site and the openswan >> mailing list archives, but I couldn't find any solution. The same >> configuration of VPN router is working fine with the Greenbow VPN client >> and Openswan Linux client, but it is failing with shrewsoft with the >> below error. >> > > Hi Murat, > > It looks like you didn't specify an include network in the policy tab. This > causes the client to negotiate a single IPsec SA to tunnel all traffic > through. Try adding the 192.168.0.0/24 network as an include network in the > policy tab of the client site configuration. > > Hope this helps, > > -Matthew > -- Murat Sezgin _______________________________________________ vpn-help mailing list [email protected] http://lists.shrew.net/mailman/listinfo/vpn-help
