[Openswan Users] freeswan-1.99: cannot respond to IPsec SA
Wolfman
BulletinCatcher at web.de
Mon Mar 29 23:41:29 CEST 2004
Hi,
I've got a very similar problem, if not the same:
I have the NAT-T patch installed and working (finally), but it didn't help.
A tip: compile the kernel without patches, apply the patch for X.509, compile it
again, apply the NAT-T patch, compile it again. It really takes time, but
whenever I tried it another way, it failed. So that is nearly 5
compiler runs.
OK, back to the problem; as I said, my NAT-T is working:
Mar 29 21:17:29 Linuxserver pluto[2218]: Starting Pluto (Openswan Version 2.1.0 X.509-1.4.8 PLUTO_USES_KEYRR)
Mar 29 21:17:29 Linuxserver pluto[2218]: including NAT-Traversal patch (Version 0.6c)
I found something in Google Groups that told me to write the
remote IP into my ipsec.conf. I did so, but nothing changed.
I have pasted my ipsec.conf and my auth.log. If someone knows how to help, that would
be great.
ipsec.conf:
config setup
    nat_traversal=yes

# Add connections here.
conn %default
    keyingtries=0
    disablearrivalcheck=no
    authby=rsasig
    rightrsasigkey=%cert
    auto=add
    left=%defaultroute
    leftrsasigkey=%cert
    leftcert=VPN-Gateway-Cert.pem
    leftid="<Certificate ID>"
    leftupdown=/usr/lib/ipsec/_updown_x509

conn p2n
    right=%any
    leftsubnet=192.168.107.0/24
    rightsubnet=192.168.107.123/32

conn n2n
    right=%any
    rightsubnetwithin=192.168.0.0/24
    leftsubnet=192.168.107.0/24
    rightsubnet=192.168.107.123/32

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore
-------------------------------------------------
auth.log:
Mar 29 21:17:41 Linuxserver pluto[2218]: "p2n"[2] 192.168.107.123 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar 29 21:17:41 Linuxserver pluto[2218]: "p2n"[2] 192.168.107.123 #1: sent MR3, ISAKMP SA established
Mar 29 21:17:41 Linuxserver pluto[2218]: "p2n"[2] 192.168.107.123 #1: cannot respond to IPsec SA request because no connection is known for 80.137.27.45[<Certificate ID>]:17/1701...192.168.107.123[<Certificate ID>]:17/1701
Mar 29 21:17:42 Linuxserver pluto[2218]: "p2n"[2] 192.168.107.123 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x670b6e24 (perhaps this is a duplicated packet)
Mar 29 21:17:56 Linuxserver last message repeated 3 times
Mar 29 21:17:59 Linuxserver pluto[2218]: "p2n"[2] 192.168.107.123 #1: received Delete SA payload: deleting ISAKMP State #1
Mar 29 21:17:59 Linuxserver pluto[2218]: "p2n"[2] 192.168.107.123: deleting connection "p2n" instance with peer 192.168.107.123 {isakmp=#0/ipsec=#0}
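
Added example, not part of the original post: a small Python diagnostic that parses the "no connection is known for" line above into the selectors proposed for each side (address, ID, protocol/port) and lists which conn sections of an ipsec.conf declare a different leftprotoport/rightprotoport pair. The function names and the embedded samples are constructed for illustration; it assumes a conn only matches when its protoport values equal the proposed protocol/port as literal numeric strings, and that left is the local side as in the posted config.

```python
import re

# Constructed samples: the refusal line from the post (rejoined onto one line)
# and a trimmed copy of the posted ipsec.conf.
LOG = ('Mar 29 21:17:41 Linuxserver pluto[2218]: "p2n"[2] 192.168.107.123 #1: '
       'cannot respond to IPsec SA request because no connection is known for '
       '80.137.27.45[<Certificate ID>]:17/1701...'
       '192.168.107.123[<Certificate ID>]:17/1701')
CONF = ("conn %default\n    authby=rsasig\n    left=%defaultroute\n"
        "conn p2n\n    right=%any\n    leftsubnet=192.168.107.0/24\n"
        "conn block\n    auto=ignore\n")

# One side of the proposal: addr, optional [id], optional :proto/port.
SIDE = re.compile(r'(?P<addr>[^\[\]]+?)(?:\[(?P<id>.*)\])?'
                  r'(?::(?P<proto>\d+)/(?P<port>\d+))?$')

def parse_refusal(line):
    """Return (local, peer) selector dicts, or None if the line is not a refusal."""
    m = re.search(r'no connection is known for (.+?)\.\.\.(.+)$', line.strip())
    sides = [SIDE.match(s) for s in m.groups()] if m else [None]
    return tuple(s.groupdict() for s in sides) if all(sides) else None

def conn_protoports(conf_text):
    """Map conn name -> (leftprotoport, rightprotoport), inheriting conn %default."""
    conns, name = {}, None
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].rstrip()
        if line.startswith('conn '):
            name = line.split()[1]
            conns[name] = {}
        elif name and line[:1] in (' ', '\t') and '=' in line:
            key, val = line.strip().split('=', 1)
            conns[name][key.strip()] = val.strip()
        elif line:                      # another section, e.g. "config setup"
            name = None
    base = conns.pop('%default', {})
    merged = {n: {**base, **c} for n, c in conns.items()}
    return {n: (c.get('leftprotoport'), c.get('rightprotoport'))
            for n, c in merged.items()}

def mismatched(line, conf_text):
    """Conns whose protoport pair is not literally equal to the proposal's."""
    sel = parse_refusal(line)  # assumed rule: literal equality, no 17/%any wildcards
    if sel is None:
        raise ValueError('not a "no connection is known" line')
    want = tuple('%s/%s' % (s['proto'], s['port']) if s['proto'] else None for s in sel)
    return [n for n, have in conn_protoports(conf_text).items() if have != want]

if __name__ == '__main__':
    print(parse_refusal(LOG), mismatched(LOG, CONF))
```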