[Openswan Users] no connection is known for...

Jacco de Leeuw jacco2 at dds.nl
Mon May 24 23:38:07 CEST 2004


Mark Frost wrote:

> In any case, my l2tpd.conf file does have only local private network 
> addresses in it -- i.e. 172.16.*.* :

Oops, sorry about this. I overlooked the start of this thread where
you mention this. You're right, your l2tpd.conf is not the problem.
The problem is NAT.

I must admit that I have not yet tested NAT-T with Openswan but after
a bit of bad luck (fried disk) I finally got a test setup in place.
I hope to have a go at it soon.

> conn %default
>    compress=yes

Should be disabled. Windows does not support IPsec compression.

>    #
>    # The remote user.
>    #
>    right=%any
>    rightrsasigkey=%cert
>    rightcert=/etc/ipsec.d/certs/mfrost99.pem
>    rightsubnet=192.168.1.0/24
>    rightprotoport=17/1701

> May 24 15:07:26 outpost pluto[7275]: "L2TP-CERT"[1] 24.45.15.131:4500 
> #2: cannot respond to IPsec SA request because no connection is known 
> for <OpenSwan_GW_IP>:4500[ ..OpenSwan_GW_DN.. 
> ,S=C]:17/1701...24.45.15.131:4500[ ..WinXP_Client_DN ..]:17/1701

Hm, this should have been the correct configuration. Are you sure the
Linksys is not doing IPsec passthrough? It should be disabled.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl

