[Openswan Users] no connection is known for...

Mark Frost mfrost at westnet.com
Mon May 24 17:49:29 CEST 2004
Jacco de Leeuw wrote:

> Mark Frost schreef:
>
>> In any case, my l2tpd.conf file does have only local private network 
>> addresses in it -- i.e. 172.16.*.* :
>
>
> Oops, sorry about this. I overlooked the start of this thread where
> you mention this. You're right, your l2tpd.conf is not the problem.
> The problem is NAT.
>
> I must admit that I have not yet tested NAT-T with Openswan but after
> a bit of bad luck (fried disk) I finally got a test setup in place.
> I hope to have a go at it soon.
>

And in my case, I've got NAT on both sides with the OS gateway acting as 
a gateway (but not the NAT server) on the non-roadwarrior side.

>> conn %default
>>    compress=yes
>
>
> Should be disabled. Windows does not support IPsec compression.
>

OK, done.  Thanks.

>>    #
>>    # The remote user.
>>    #
>>    right=%any
>>    rightrsasigkey=%cert
>>    rightcert=/etc/ipsec.d/certs/mfrost99.pem
>>    rightsubnet=192.168.1.0/24
>>    rightprotoport=17/1701
>
>> May 24 15:07:26 outpost pluto[7275]: "L2TP-CERT"[1] 24.45.15.131:4500 
>> #2: cannot respond to IPsec SA request because no connection is known 
>> for <OpenSwan_GW_IP>:4500[ ..OpenSwan_GW_DN.. 
>> ,S=C]:17/1701...24.45.15.131:4500[ ..WinXP_Client_DN ..]:17/1701
>
>
> Hm, this should have been the correct configuration. Are you sure the
> Linksys is not doing IPsec passthrough? It should be disabled.
>
> Jacco


IPsec passthrough was enabled.  I just turned it off and tried again.  
It doesn't seem to have any effect.  I'm very puzzled as to why I'd get 
that line "no connection is known for...".  I ran ipsec auto --status as 
suggested by Juha and the connections match character for character, 
except that the IP addresses in the log entry above have the port number 
appended (i.e. addr:4500) which I wouldn't think would matter.

Thanks

Mark
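Added example, not part of the thread: a small Python parser for Pluto's "cannot respond to IPsec SA request because no connection is known for ..." line, so that what the peer actually proposed (subnet, host, UDP port, ID, protoport) can be compared mechanically against the conn's right* settings instead of by eye. The sample log line is constructed from the one quoted above with RFC 5737 documentation addresses and placeholder DNs in place of the redacted values; the endpoint grammar (an optional `subnet===` prefix before `host:port[ID]:proto/port`) is an assumption about Pluto's general output format, and the conn dictionary stands in for the `rightsubnet`/`rightprotoport` lines of ipsec.conf.

```python
import ipaddress
import re

# Constructed sample: the Pluto line from the thread, with RFC 5737 documentation
# addresses and placeholder DNs substituted for the redacted gateway/client values.
SAMPLE_LOG = (
    'May 24 15:07:26 outpost pluto[7275]: "L2TP-CERT"[1] 203.0.113.7:4500 '
    '#2: cannot respond to IPsec SA request because no connection is known '
    'for 192.0.2.1:4500[C=XX, O=Example, CN=gw.example.test]:17/1701'
    '...203.0.113.7:4500[C=XX, O=Example, CN=winxp.example.test]:17/1701'
)

# One endpoint as Pluto prints it (assumed general form): an optional
# "subnet===" prefix, then host:port, the peer ID in brackets, then proto/port.
ENDPOINT_RE = re.compile(
    r"^(?:(?P<subnet>\d+\.\d+\.\d+\.\d+/\d+)===)?"
    r"(?P<host>\d+\.\d+\.\d+\.\d+):(?P<port>\d+)"
    r"\[(?P<ident>[^\]]*)\]"
    r":(?P<proto>\d+)/(?P<pport>\d+)$"
)
# The two endpoints are separated by "..." in the message.
LINE_RE = re.compile(r"no connection is known for (?P<left>.+?)\.\.\.(?P<right>.+)$")


def parse_endpoint(text):
    """Turn one 'host:port[ID]:proto/port' fragment into a dict of its parts."""
    m = ENDPOINT_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised endpoint: %r" % text)
    host = m.group("host")
    port = int(m.group("port"))
    # No "subnet===" prefix means the peer proposed only its own address,
    # i.e. the /32 of that host, not a network behind it.
    subnet = ipaddress.ip_network(m.group("subnet") or host + "/32", strict=False)
    return {
        "host": host,
        "port": port,
        "subnet": subnet,
        "ident": m.group("ident").strip(),
        "protoport": "%s/%s" % (m.group("proto"), m.group("pport")),
        # UDP 4500 is the NAT-T (UDP-encapsulated) port; 500 is plain IKE.
        # Its presence only records that NAT traversal was negotiated.
        "nat_t": port == 4500,
    }


def parse_no_connection_line(line):
    """Return (left, right) endpoint dicts, or None if the line is not this message."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return parse_endpoint(m.group("left")), parse_endpoint(m.group("right"))


def check_right_end(right, conn):
    """Compare the peer's proposal with a conn's right* settings; list mismatches."""
    problems = []
    want_subnet = ipaddress.ip_network(conn["rightsubnet"], strict=False)
    if not right["subnet"].subnet_of(want_subnet):
        problems.append(
            "rightsubnet=%s does not cover the proposed %s"
            % (conn["rightsubnet"], right["subnet"])
        )
    if conn.get("rightprotoport") and right["protoport"] != conn["rightprotoport"]:
        problems.append(
            "rightprotoport=%s but peer proposed %s"
            % (conn["rightprotoport"], right["protoport"])
        )
    return problems


if __name__ == "__main__":
    # Hypothetical conn settings, mirroring the rightsubnet/rightprotoport
    # lines quoted in the thread.
    conn = {"rightsubnet": "192.168.1.0/24", "rightprotoport": "17/1701"}
    left, right = parse_no_connection_line(SAMPLE_LOG)
    print("peer %s (NAT-T: %s) proposed %s %s"
          % (right["host"], right["nat_t"], right["subnet"], right["protoport"]))
    for p in check_right_end(right, conn):
        print("mismatch:", p)
```

Run over the real syslog output, the script reports whether the peer's proposed subnet and protoport fall within what the conn allows; the `:4500` suffix is parsed as the NAT-T port and reported separately, since it is not itself part of the match.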