Hi Paul, Sorry for taking a long time to get back (I was out of office last week).
I have uploaded the latest log files at: https://file.town/download/7wt9a05p7mwym05mzr4dox4q7 https://file.town/download/fxn6861zvcra5qu3q9cv9c3l0 On the non-natt'ed side, I see: Apr 18 22:52:26 vvr-10-69-244-1 pluto[8148]: vpn-5483483: "conn_vpn-5483483-tunnel-VPNRemoteRoutedSubnet-tunnel-10.0.0.0/24" #2: no suitable connection for peer '10.0.3.3' Apr 18 22:52:26 vvr-10-69-244-1 pluto[8148]: | vpn-5483483: complete v1 state transition with INVALID_ID_INFORMATION Apr 18 22:52:26 vvr-10-69-244-1 pluto[8148]: vpn-5483483: "conn_vpn-5483483-tunnel-VPNRemoteRoutedSubnet-tunnel-10.0.0.0/24" #2: sending encrypted notification INVALID_ID_INFORMATION to 199.204.218.98:500 It recognizes the ip 10.0.3.3 which is behind NAT on the other end. Tcpdump on non-natt'ed side only see packets from the public IP, not 10.0.3.3 Thanks, Xinwei On Sat, Apr 8, 2017 at 3:09 PM, Paul Wouters <[email protected]> wrote: > On Fri, 7 Apr 2017, Xinwei Hong wrote: > > I just upgraded it to 3.20. I built libreswan without specifying any >> parameter. I don't need klips in my setting anyway. I also >> added virtual-private=%v4:10.0.0.0/8. Still not working. >> The NAT part, I'm not sure why you say that. I still see same >> "no suitable connection for peer '10.0.3.3'" error, but I believe it's >> found inside of isakmp pkts. I did tcpdump on both >> machines, the ip was nat'ed. e.g. only see 10.0.3.3 on one side >> and 199.204.218.98 on the peer side. >> >> I can upload new log if needed. >> > > I can have a look if you upload new logs. But please do not use that > dropbox API because I cannot search and scroll through that. A link > the actual files would be better so I can download these and have a > look. > > Paul >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
