[Openswan Users] freeswan-1.99: cannot respond to IPsec SA

Dennis Leist dl at byteeffect.de
Mon Mar 29 18:22:48 CEST 2004 

Hi all,

Due to troubles with freeswan-2.04_1.4.8-12 I try to use
freeswan-1.99_0.9.34-80 (www.suse.de/~garloff/linux/FreeSWAN/).


/---------------\     /---------------\     /---------------\    
/---------------\
| Linux 2.4.19  |     |  Speed Touch  |     | W-Lan Router  |    | WINX 
XP       |
| 62.210.20.146 |<----| 62.210.20.145 |<----| WAN-IP:       |<---| 
W-LAN-IP:     |
| SuSE 9.0      |     | No NAT at all |     | 213.39.205.80 |    | 
192.168.1.99  |
\---------------/     \---------------/     \---------------/    
\---------------/

VPN-Server: SuSE 9.0, SpeedTouch: static IP, freeswan-1.99_0.9.34-80

<snip v/l/m>
vpnserver pluto[24299]: "w2k-client"[4] 213.39.205.80 #2: cannot respond 
to IPsec SA request because no connection is known for 
62.206.19.146[C=DE, ST=Hamburg, L=Hamburg, CN=<Admin 
CN>]:17/0...213.39.205.80[C=DE, ST=Koeln, CN=<User 
CN>]:17/1701==={192.168.1.99/32}
vpnserver pluto[24299]: "w2k-client"[4] 213.39.205.80 #2: sending 
encrypted notification INVALID_ID_INFORMATION to 213.39.205.80:500
vpnserver pluto[24299]: "w2k-client"[4] 213.39.205.80 #2: Quick Mode I1 
message is unacceptable because it uses a previously used Message ID 
0xee13aa39 (perhaps this is a duplicated packet)
vpnserver pluto[24299]: "w2k-client"[4] 213.39.205.80 #2: sending 
encrypted notification INVALID_MESSAGE_ID to 213.39.205.80:500
vpnserver pluto[24299]: "w2k-client"[4] 213.39.205.80 #2: Quick Mode I1 
message is unacceptable because it uses a previously used Message ID 
0xee13aa39 (perhaps this is a duplicated packet)
vpnserver pluto[24299]: "w2k-client"[4] 213.39.205.80 #2: sending 
encrypted notification INVALID_MESSAGE_ID to 213.39.205.80:500
vpnserver pluto[24299]: "w2k-client"[4] 213.39.205.80 #2: Quick Mode I1 
message is unacceptable because it uses a previously used Message ID 
0xee13aa39 (perhaps this is a duplicated packet)
vpnserver pluto[24299]: "w2k-client"[4] 213.39.205.80 #2: sending 
encrypted notification INVALID_MESSAGE_ID to 213.39.205.80:500
vpnserver pluto[24299]: "w2k-client"[4] 213.39.205.80 #2: received 
Delete SA payload: deleting ISAKMP State #2
vpnserver pluto[24299]: "w2k-client"[4] 213.39.205.80: deleting 
connection "w2k-client" instance with peer 213.39.205.80
<snap v/l/m>


What do I need to change in ipsec.conf to make it run?
I donn't understand the first error. What is wrong with my ipsec.conf?

If you need any more information, I'll be glad to provide it !!
Thanks in advance.

<snip ipsec.conf>

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%cert
        rightrsasigkey=%cert

conn w2k-client
        left=62.210.20.146
        leftnexthop=62.210.20.145
        leftrsasigkey=%cert
        leftcert=gatecert.pem
        leftprotoport=17/0
        right=%any
        rightrsasigkey=%cert
        pfs=no
        rightsubnet=192.168.1.99/32
        rightprotoport=17/1701
        keyingtries=0
        disablearrivalcheck=no
        auto=add
<snap : ipsec.conf>

More information about the Users mailing list