PM: Re: [Openswan Users] freeswan-1.99: cannot respond to IPsec SA
Dennis Leist
dl at byteeffect.de
Tue Mar 30 19:39:59 CEST 2004
Jacco de Leeuw wrote:
>> Please consider, that I haven't NAT-T so far for I need to patch the
>> kernel.
>
>
> Then we can probably conclude that IPsec passthrough probably
> does not work in Transport Mode
>
Does that mean, that the _certs_ _are_ _okay_?
> So I think you are still stuck with the two options plain IPsec
> or NAT-T.
>
> There's one thing that you could try:
>
> rightsubnetwithin=192.168.1.99/24
> instead of:
> rightsubnet=192.168.1.99/32
I still get the same errs:
vpnserver pluto[19535]: "w2k-client"[7] 213.39.177.214 #5: only OAKLEY_GROUP_MODP1024 and OAKLEY_GROUP_MODP1536 supported. Attribute OAKLEY_GROUP_DESCRIPTION
vpnserver pluto[19535]: "w2k-client"[7] 213.39.177.214 #5: Peer ID is ID_DER_ASN1_DN: 'C=DE, ST=Koeln, O=MPG Music Pool GmbH, OU=Promotion, CN=<VPN USER>, E=huber at music-pool.net'
vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: deleting connection "w2k-client" instance with peer 213.39.177.214
vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: sent MR3, ISAKMP SA established
vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: cannot respond to IPsec SA request because no connection is known for 62.206.20.146[C=DE, ST=Hamburg, L=Hamburg, CN=Dennis Leist]:17/1701...213.39.177.214[C=DE, ST=Koeln, CN=<VPN USER>]:17/1701==={192.168.1.99/32}
vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: sending encrypted notification INVALID_ID_INFORMATION to 213.39.177.214:500
vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd404f25f (perhaps this is a duplicated packet)
vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: sending encrypted notification INVALID_MESSAGE_ID to 213.39.177.214:500
vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd404f25f (perhaps this is a duplicated packet)
vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: sending encrypted notification INVALID_MESSAGE_ID to 213.39.177.214:500
vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xd404f25f (perhaps this is a duplicated packet)
vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: sending encrypted notification INVALID_MESSAGE_ID to 213.39.177.214:500
Many THX for the help so far.
Greets Dennis
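
Added example, not part of the original message and not pluto's own code: a small Python parser that breaks the "cannot respond to IPsec SA request" entry from the log above into the fields the peer proposed, so each can be compared with the conn definition. The regular expression covers only the line shape seen in this log, and the exact-match / containment rules in `subnet_allowed` are a simplified model of `rightsubnet` and `rightsubnetwithin`; the function names are hypothetical.

```python
import ipaddress
import re

# The "cannot respond" entry from the log above, with the mail wrapping undone.
LOG_LINE = (
    'vpnserver pluto[19535]: "w2k-client"[8] 213.39.177.214 #5: cannot respond to '
    'IPsec SA request because no connection is known for '
    '62.206.20.146[C=DE, ST=Hamburg, L=Hamburg, CN=Dennis Leist]:17/1701...'
    '213.39.177.214[C=DE, ST=Koeln, CN=<VPN USER>]:17/1701==={192.168.1.99/32}'
)

# One end as printed in this log: host[id]:proto/port
END = r'(?P<{p}host>[\d.]+)\[(?P<{p}id>[^\]]*)\]:(?P<{p}proto>\d+)/(?P<{p}port>\d+)'
SELECTOR = re.compile(
    r'no connection is known for '
    + END.format(p='l') + r'\.\.\.' + END.format(p='r')
    + r'(?:===\{?(?P<rnet>[\d./]+)\}?)?'   # optional subnet behind the peer
)

def parse_selector(line):
    """Return the proposed Quick Mode selector as a dict, or None if absent."""
    m = SELECTOR.search(line)
    return m.groupdict() if m else None

def subnet_allowed(proposed, option, value):
    """Simplified model: does the proposed subnet satisfy one right-side option?"""
    # strict=False normalises host bits, e.g. 192.168.1.99/24 -> 192.168.1.0/24
    want = ipaddress.ip_network(value, strict=False)
    got = ipaddress.ip_network(proposed, strict=False)
    if option == 'rightsubnet':
        return got == want             # assumed: exact subnet required
    if option == 'rightsubnetwithin':
        return got.subnet_of(want)     # assumed: any subnet inside the range
    raise ValueError(f'unsupported option: {option}')

if __name__ == '__main__':
    sel = parse_selector(LOG_LINE)
    for key, val in sel.items():
        print(f'{key:7} {val}')
    # The two settings quoted in the message above.
    for opt, val in (('rightsubnet', '192.168.1.99/32'),
                     ('rightsubnetwithin', '192.168.1.99/24')):
        print(opt, val, subnet_allowed(sel['rnet'], opt, val))
```

The remaining fields in the parsed result (both IDs and the protocol/port pair 17/1701 on each end) are the ones left to compare by hand against the conn's ID and protoport settings.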