[Openswan Users] cannot respond to IPsec SA request because no connection is known

giovanni.m at agilemovement.it
Thu May 27 16:30:37 CEST 2004


Ciao,

I'm having trouble connecting to SuperFreeSwan 1.99.8 from SSH Sentinel on a
NAT'd connection.

When I connect from a public IP address, everything works. When I connect from
a NAT'd private IP, I get this error:

May 27 15:07:14 roma pluto[22405]: "rw-any-3des-manual"[1] 82.88.XXX.XXX:4500
#1: cannot respond to IPsec SA request because no connection is known for
0.0.0.0/0===83.103.XXX.XXX:4500[C=IT, ST=Roma, L=Roma, O=Cofax Roma, OU=VPN
Cofax Roma, CN=roma_cofax_vpn,
E=administrator at cofax.it]...82.88.XXX.XXX:4500[C=IT, ST=MI, L=Milano, O=cofax
roaming user, OU=, CN=roaming_user, E=administrator at cofax.it]===192.168.1.216/32
May 27 15:07:14 roma pluto[22405]: "rw-any-3des-manual"[1] 82.88.XXX.XXX:4500
#1: sending encrypted notification INVALID_ID_INFORMATION to 82.88.XXX.XXX:4500

I've read the FAQ on this error message

http://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/faq.html

which made me think that I wasn't describing the connections in the right way.
I think I have things correct in ipsec.conf though. If I change the values in
the ID fields then not even IKE phase 1 passes.

config setup
        interfaces="ipsec0=eth1"
        klipsdebug=none
        plutodebug="parsing control"
        plutoload=%search
        plutostart=%search
        uniqueids=yes
        nat_traversal=yes

# Global connection defaults

conn %default
        #keyingretries=0
        disablearrivalcheck=yes
        authby=rsasig
        keyexchange=ike
        ikelifetime=240m
        keylife=60m
        rekey=yes
        pfs=yes
        compress=no
        left=83.103.XXX.XXX
        leftnexthop=83.103.XXX.XXX
        leftrsasigkey=%cert
        leftid="C=IT, ST=Roma, L=Roma, O=Cofax Roma, OU=VPN Cofax Roma, CN=roma_cofax_vpn, Email=administrator at cofax.it"
        leftcert=certs/swanCert.pem
        auto=add

conn rw-any-3des-manual
        type=tunnel
        right=%any
        rightrsasigkey=%cert
        rightid="C=IT, ST=MI, L=Milano, O=cofax roaming user, OU=vpn user, CN=roaming_user, Email=administrator at cofax.it"
        auto=add

Thank you for any advice.

G
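
Added example (not part of the original post and not Openswan code): a Python sketch that parses a pluto message of the kind quoted above and compares the client networks the peer proposed with those a conn describes. It assumes exact-match selection and treats a conn without leftsubnet/rightsubnet as host-only; the sample line, the documentation addresses and all function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed line in the shape of the pluto message quoted above. The public
# addresses are RFC 5737 documentation addresses and the DNs are shortened.
SAMPLE = ('"rw-any-3des-manual"[1] 203.0.113.20:4500 #1: cannot respond to '
          'IPsec SA request because no connection is known for '
          '0.0.0.0/0===198.51.100.10:4500[C=IT, CN=roma_cofax_vpn]'
          '...203.0.113.20:4500[C=IT, CN=roaming_user]===192.168.1.216/32')

# Layout: ourclient===ourhost:port[id]...peerhost:port[id]===peerclient
# Client parts, ports and IDs are optional in the message.
PROPOSAL = re.compile(
    r'no connection is known for '
    r'(?:(?P<lnet>[\d./]+)===)?(?P<lhost>[\d.]+)(?::\d+)?(?:\[[^\]]*\])?'
    r'\.\.\.'
    r'(?P<rhost>[\d.]+)(?::\d+)?(?:\[[^\]]*\])?(?:===(?P<rnet>[\d./]+))?')

def net(subnet, host):
    """Client network, or the bare host as a /32 when no subnet is given."""
    return ipaddress.ip_network(subnet if subnet else host + '/32')

def parse_proposal(line):
    """Return (left client, right client, peer host) taken from the message."""
    m = PROPOSAL.search(line)
    if m is None:
        raise ValueError('not a "no connection is known" message')
    return net(m['lnet'], m['lhost']), net(m['rnet'], m['rhost']), m['rhost']

def conn_selectors(conn, peer_host):
    """Client networks a conn describes; right=%any takes the peer's address."""
    right_host = peer_host if conn['right'] == '%any' else conn['right']
    return (net(conn.get('leftsubnet'), conn['left']),
            net(conn.get('rightsubnet'), right_host))

def mismatches(line, conn):
    """Sides whose proposed client differs from the conn (exact match assumed)."""
    p_left, p_right, peer = parse_proposal(line)
    c_left, c_right = conn_selectors(conn, peer)
    return [f'{side}: peer proposed {p}, conn has {c}'
            for side, p, c in (('left', p_left, c_left),
                               ('right', p_right, c_right))
            if p != c]

# Effective conn from the post's %default plus rw-any-3des-manual (no subnets).
CONN = {'left': '198.51.100.10', 'right': '%any'}
if __name__ == '__main__':
    print('\n'.join(mismatches(SAMPLE, CONN)))
```

With the post's settings both sides are reported: the peer asked for 0.0.0.0/0 behind the gateway and its private 192.168.1.216/32 behind itself, while the conn describes only the two hosts.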

