[Openswan Users] FAQ, no connection is known for ...
Roland Roberts
roland at astrofoto.org
Wed Jul 18 20:40:36 EDT 2007
Paul Wouters wrote:
> On Wed, 18 Jul 2007, Roland Roberts wrote:
>
>> Jul 18 16:18:09 tycho pluto[1410]: "rlent"[2] 208.54.65.47 #2: cannot
>> respond to IPsec SA request because no connection is known for
>> 192.168.3.0/24===216.254.78.84[@gw.astrofoto.org]...208.54.65.47[@aristarchus.rlent.pnet]===10.250.102.177/32
>>
>> Here is the gateway configuration:
>
> You didn't include your config setup part. Does it include 10.0.0.0/8 in virtual_private?
> Does it have nat_traversal enabled?
Sorry, the main config, in its entirety is:
--snip--
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
nat_traversal=yes
include /etc/ipsec.d/*.conf
--snip--
I don't know what virtual_private is :-( I'm reading the
README.NAT-Traversal and still don't understand it. I've added the line
to my ipsec.conf on the gateway; is that correct?
>
> [...snip...]
>
> Missing: rightsubnet=vhost:%priv,%no
I've added this to the conf on the laptop, is that correct?
I'll try this next time I'm out. I'm about to go traveling, so I may
have plenty of opportunities....
I'm having some other problems with a different configuration, but I'll
post separately....
--
PGP Key ID: 66 BC 3B CD
Roland B. Roberts, PhD RL Enterprises
roland at rlenter.com 6818 Madeline Court
roland at astrofoto.org Brooklyn, NY 11220
More information about the Users
mailing list