[Openswan Users] IKE Phase2 fails, cannot respond to IPsec SA

t.henneberger at hcs-computer.de t.henneberger at hcs-computer.de
Tue Sep 28 11:06:25 CEST 2004

Hello Paul

> On Mon, 27 Sep 2004 paul at xelerance.com wrote:
> Well yes, this is impossible. 
> 2) you are trying to connect from an IP range that is part
> of the remote leftsubnet, while building a leftsubnet tunnel. Similar
> warping of space, goto 1.
> I am not sure what you were defining here, but this won't work. I'll assume
> that you are trying to protect your wireless and want to build a tunnel
> the the IPsec server in the same lan, tunneling all your traffic through it.
> This would be something like (on the server):
> left=
> leftsubnet=
> right=%any
> and on the client:
> left=%defaultroute
> right=
> rightsubnet=
> Paul

I am trying to establish the most basic VPN tunnel there is for testing
purpose. The VPN Server is at, the Win2k machine trying
to connect to it is at 

I tried your config and I get the same error.

Could it be that it is not possible to establish a VPN tunnel with 2 
machines on the same net? 

According to my books and docs there should be no problem though... 
left= is the IP of my Linux, leftsubnet is not defined, 
so default is left/32, leftnexthop is not defined, so default is the gateway.
Right=%any is for the roadwarrior, in this case

I have the feeling I either overlooked something or there is a
serious missunderstanding of how VPN works on my side.

Thanks for your help.

More information about the Users mailing list