L2TP over IPSec ERROR: such policy does not already exist


This topic contains 1 reply, has 0 voices, and was last updated by  lutzh 7 years, 5 months ago.

  • #43120

    lutzh
    Member

    I get errors of this type in the IPSec log when the client sits behind a NAT router.

    When I enable NAT-T in Zeroshell beta 16, the IP address in the error message is that of the NAT gateway of the client. When I disable NAT-T in Zeroshell, the IP address in the error message is the private IP address.

    When no NAT is involved, no errors.

    Interesting post here from gideon: http://www.zeroshell.net/eng/forum/viewtopic.php?t=1368

    “I am trying to connect to zeroshell l2tp VPN from a client behind a NAT.
    When I enable NAT-T option in zeroshell, I’m receiving:

    ERROR: such policy does not already exist: “93.175.xxx.xxx/32[64370] 91.205.xxx.xxx/32[1701] proto=udp dir=in”
    ERROR: such policy does not already exist: “91.205.xxx.xxx/32[1701] 93.175.xxx.xxx/32[64370] proto=udp dir=out”

    but when I first connect from NAT machine, then from machine behind NAT, all working till I reboot server or restart l2tp daemon”

    So this means he had to force this policy thing into existence. This is not practical as the NAT may be managed by your mobile phone network provider. Any chance to create that missing policy thing?
