[Openswan Users] no connection is known for...
Mark Frost
mfrost at westnet.com
Mon May 24 17:49:29 CEST 2004
Jacco de Leeuw wrote:
> Mark Frost schreef:
>
>> In any case, my l2tpd.conf file does have only local private network
>> addresses in it -- i.e. 172.16.*.* :
>
>
> Oops, sorry about this. I overlooked the start of this thread where
> you mention this. You're right, your l2tpd.conf is not the problem.
> The problem is NAT.
>
> I must admit that I have not yet tested NAT-T with Openswan but after
> a bit of bad luck (fried disk) I finally got a test setup in place.
> I hope to have a go at it soon.
>
And in my case, I've got NAT on both sides with the OS gateway acting as
a gateway (but not the NAT server) on the non-roadwarrior side.
>> conn %default
>> compress=yes
>
>
> Should be disabled. Windows does not support IPsec compression.
>
OK, done. Thanks.
>> #
>> # The remote user.
>> #
>> right=%any
>> rightrsasigkey=%cert
>> rightcert=/etc/ipsec.d/certs/mfrost99.pem
>> rightsubnet=192.168.1.0/24
>> rightprotoport=17/1701
>
>> May 24 15:07:26 outpost pluto[7275]: "L2TP-CERT"[1] 24.45.15.131:4500
>> #2: cannot respond to IPsec SA request because no connection is known
>> for <OpenSwan_GW_IP>:4500[ ..OpenSwan_GW_DN..
>> ,S=C]:17/1701...24.45.15.131:4500[ ..WinXP_Client_DN ..]:17/1701
>
>
> Hm, this should have been the correct configuration. Are you sure the
> Linksys is not doing IPsec passthrough? It should be disabled.
>
> Jacco
IPsec passthrough was enabled. I just turned it off and tried again.
It doesn't seem to have any effect. I'm very puzzled as to why I'd get
that line "no connection is known for...". I ran ipsec auto --status as
suggested by Juha and the connections match character for character,
except that the IP addrs in the log entry above have the port number
appended (i.e. addr:4500), which I wouldn't think would matter.
Thanks
Mark