[Openswan Users]
cannot respond to IPsec SA request because no connection is known
giovanni.m at agilemovement.it
Thu May 27 16:30:37 CEST 2004
Ciao,
I'm having trouble connecting to SuperFreeSwan 1.99.8 from SSH Sentinel on a
nat'd connection.
When I connect from a public IP address, everything works. When I connect from
a nat'd private IP, I get this error:

May 27 15:07:14 roma pluto[22405]: "rw-any-3des-manual"[1] 82.88.XXX.XXX:4500 #1: cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===83.103.XXX.XXX:4500[C=IT, ST=Roma, L=Roma, O=Cofax Roma, OU=VPN Cofax Roma, CN=roma_cofax_vpn, E=administrator at cofax.it]...82.88.XXX.XXX:4500[C=IT, ST=MI, L=Milano, O=cofax roaming user, OU=, CN=roaming_user, E=administrator at cofax.it]===192.168.1.216/32

May 27 15:07:14 roma pluto[22405]: "rw-any-3des-manual"[1] 82.88.XXX.XXX:4500 #1: sending encrypted notification INVALID_ID_INFORMATION to 82.88.XXX.XXX:4500

I've read the FAQ on this error message
http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/faq.html
which made me think that I wasn't describing the connections in the right way.
I think I have things correct in ipsec.conf though. If I change the values in
the id fields then not even IKE phase 1 passes.

config setup
    interfaces="ipsec0=eth1"
    klipsdebug=none
    plutodebug="parsing control"
    plutoload=%search
    plutostart=%search
    uniqueids=yes
    nat_traversal=yes

# Global connection defaults
conn %default
    #keyingretries=0
    disablearrivalcheck=yes
    authby=rsasig
    keyexchange=ike
    ikelifetime=240m
    keylife=60m
    rekey=yes
    pfs=yes
    compress=no
    left=83.103.XXX.XXX
    leftnexthop=83.103.XXX.XXX
    leftrsasigkey=%cert
    leftid="C=IT, ST=Roma, L=Roma, O=Cofax Roma, OU=VPN Cofax Roma, CN=roma_cofax_vpn, Email=administrator at cofax.it"
    leftcert=certs/swanCert.pem
    auto=add

conn rw-any-3des-manual
    type=tunnel
    right=%any
    rightrsasigkey=%cert
    rightid="C=IT, ST=MI, L=Milano, O=cofax roaming user, OU=vpn user, CN=roaming_user, Email=administrator at cofax.it"
    auto=add

Thank you for any advice.
G
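
A triage helper for the pluto message quoted in the post above, added here as an example and not part of the original message or of Openswan: it splits a "no connection is known for" entry into our end and the peer's end, and flags when the peer requested an RFC 1918 client address that differs from the address its packets arrive from, as in the NAT'd case. The sample entry is constructed (documentation-range addresses, shortened DNs), and the function names are hypothetical.

```python
import ipaddress
import re

# One tunnel end as pluto prints it: host, optional :port, optional [id].
_END = r'(?P<{p}_host>[^\s\[\]=:]+)(?::(?P<{p}_port>\d+))?(?:\[(?P<{p}_id>[^\]]*)\])?'
_REQ = re.compile(
    r'no connection is known for '
    r'(?:(?P<our_net>[^\s=]+)===)?' + _END.format(p='our') +
    r'\.\.\.' + _END.format(p='peer') + r'(?:===(?P<peer_net>[^\s=]+))?')
RFC1918 = [ipaddress.ip_network(n)
           for n in ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16')]


def parse_request(text):
    """Return the fields of a 'no connection is known for' message, or None."""
    m = _REQ.search(' '.join(text.split()))  # undo mail/syslog line wrapping
    return m.groupdict() if m else None


def peer_behind_nat(req):
    """True when the peer's requested client net is RFC 1918 space that does not
    contain the address its packets arrive from; None if a value is redacted."""
    try:
        net = ipaddress.ip_network(req['peer_net'], strict=False)
        src = ipaddress.ip_address(req['peer_host'])
    except (ValueError, TypeError):
        return None
    private = net.version == 4 and any(net.subnet_of(r) for r in RFC1918)
    return private and src not in net


# Constructed sample modelled on the post's log entry (RFC 5737 addresses,
# shortened DNs), wrapped the way the mail archive wraps it.
SAMPLE = '''May 27 15:07:14 gw pluto[22405]: "rw-any-3des-manual"[1] 198.51.100.7:4500
#1: cannot respond to IPsec SA request because no connection is known for
0.0.0.0/0===203.0.113.1:4500[C=IT, O=Example, CN=gw]...198.51.100.7:4500[C=IT, O=example
roaming user, CN=roaming_user]===192.168.1.216/32'''

if __name__ == '__main__':
    req = parse_request(SAMPLE)
    for key in ('our_net', 'our_host', 'our_id', 'peer_host', 'peer_id', 'peer_net'):
        print(f'{key:10} {req[key]}')
    print('peer behind NAT:', peer_behind_nat(req))
```

The parsed `our_net` and `peer_net` values are the ones to compare against the subnets of the connections pluto has loaded.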