[Openswan Users] cannot respond to IPsec SA request because no connection is known
Paul Wouters
paul at xelerance.com
Thu May 27 18:40:47 CEST 2004
On Thu, 27 May 2004 giovanni.m at agilemovement.it wrote:
> May 27 15:07:14 roma pluto[22405]: "rw-any-3des-manual"[1] 82.88.XXX.XXX:4500
> #1: cannot respond to IPsec SA request because no connection is known for
> 0.0.0.0/0===83.103.XXX.XXX:4500[C=IT, ST=Roma, L=Roma, O=Cofax Roma, OU=VPN
> Cofax Roma, CN=roma_cofax_vpn,
> E=administrator at cofax.it]...82.88.XXX.XXX:4500[C=IT, ST=MI, L=Milano, O=cofax
> roaming user, OU=, CN=roaming_user, E=administrator at cofax.it]===192.168.1.216/32
Note the 0.0.0.0/0 subnet the client is asking for. It is asking to tunnel ALL its
traffic to the VPN server.
> conn %default
> #keyingretries=0
> disablearrivalcheck=yes
> authby=rsasig
> keyexchange=ike
> ikelifetime=240m
> keylife=60m
> rekey=yes
> pfs=yes
> compress=no
> left=83.103.XXX.XXX
> leftnexthop=83.103.XXX.XXX
> leftrsasigkey=%cert
> leftid="C=IT, ST=Roma, L=Roma, O=Cofax Roma, OU=VPN Cofax Roma,
> CN=roma_cofax_vpn, Email=administrator at cofax.it"
> leftcert=certs/swanCert.pem
> auto=add
I don't see a matching leftsubnet=0.0.0.0/0
> conn rw-any-3des-manual
> type=tunnel
> right=%any
> rightrsasigkey=%cert
> rightid="C=IT, ST=MI, L=Milano, O=cofax roaming user, OU=vpn user,
> CN=roaming_user, Email=administrator at cofax.it"
> auto=add
Nor here.
Either tell SSH to stop tunneling everything, or tell your freeswan server it is
to accept everything.
You are also using nat_traversal=yes without vhost or subnetwithin statements.
I don't think that works as you expect.
Paul
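
The mismatch described in the reply above, as an added example that is not part of the original message: a short Python check that reads the requested subnets out of pluto's error line and compares them with what a conn offers. The sample log line, the addresses and the conn name `rw` are constructed, and the check assumes pluto wants the proposed subnets to equal the configured ones, with a missing leftsubnet meaning the gateway address alone and a missing rightsubnet meaning the peer's own address.

```python
import ipaddress
import re

# Constructed sample data (documentation addresses, shortened IDs), not the thread's values.
LOG = ('pluto[1]: "rw"[1] 198.51.100.7:4500 #1: cannot respond to IPsec SA request '
       'because no connection is known for 0.0.0.0/0===192.0.2.1:4500[CN=gw]'
       '...198.51.100.7:4500[CN=roaming_user]===192.168.1.216/32')
CONF = "conn %default\n  left=192.0.2.1\n  authby=rsasig\nconn rw\n  right=%any\n  auto=add\n"
FIXED = CONF + "  leftsubnet=0.0.0.0/0\n  rightsubnet=vhost:%no,%priv\n"

def _host(endpoint):
    return re.match(r"[^:\[]+", endpoint).group(0)  # drop ":port" and "[ID]"

def parse_request(line):
    """Return (local_net, peer_net, peer_host) requested in pluto's error line."""
    spec = re.search(r"no connection is known for (.+)$", line).group(1)
    ours, theirs = spec.split("...", 1)
    net, _, gw = ours.rpartition("===")          # "client===host"; client may be absent
    peer, _, peer_net = theirs.partition("===")  # "host===client"
    return (ipaddress.ip_network(net or _host(gw)),
            ipaddress.ip_network(peer_net or _host(peer)), _host(peer))

def load_conns(text):
    """Minimal ipsec.conf reader: conn sections, key=value, %default inheritance."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("conn "):
            cur = conns.setdefault(line.split()[1], {})
        elif cur is not None and "=" in line:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    default = conns.pop("%default", {})
    return {name: {**default, **c} for name, c in conns.items()}

def diagnose(log_line, conf_text, conn_name):
    want_local, want_peer, peer = parse_request(log_line)
    conn = load_conns(conf_text)[conn_name]
    problems = []
    # Assumption: with no leftsubnet the conn covers only the gateway itself (left/32).
    have_local = ipaddress.ip_network(conn.get("leftsubnet", conn["left"]))
    if want_local != have_local:
        problems.append(f"leftsubnet: peer asked for {want_local}, conn offers {have_local}")
    # vhost: and rightsubnetwithin are only detected here, not evaluated.
    virtual = conn.get("rightsubnet", "").startswith("vhost:") or "rightsubnetwithin" in conn
    have_peer = None if virtual else ipaddress.ip_network(conn.get("rightsubnet", peer))
    if not virtual and want_peer != have_peer:
        problems.append(f"rightsubnet: peer asked for {want_peer}, conn offers {have_peer}")
    return problems
```

`diagnose(LOG, CONF, "rw")` reports both the missing leftsubnet and the NATed client address; with `FIXED` it returns an empty list.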