[Openswan Users] VPN between two NATed computers, error: cannot IPSec SA; no connection is known
Jacco de Leeuw
jacco2 at dds.nl
Wed Dec 14 11:16:59 CET 2005
Steven Schlansker wrote:
> Dec 13 15:41:29 localhost pluto[25673]: "L2TP-PSK"[2] 69.237.215.125 #1:
> cannot respond to IPsec SA request because no connection is known for
> 70.132.67.128/32===192.168.0.11:17/1701...69.237.215.125[@echoes]:17/%any
>
> Nothing has worked. After searching for workarounds for hours, there
> appears to be a patch for exactly this.
> (http://lists.strongswan.org/pipermail/users/2005-February/000645.html)

I guess this is the same as Bernd Galonska's patch:
http://bugs.xelerance.com/view.php?id=294

> However, the patch must be against a very different version -

Yes, there is another patch for Openswan 2.3.1-2.4.5dr on the page
linked above. As far as I can see, vanilla Openswan still does not
support servers behind NAT if transport mode (e.g., L2TP/IPsec) is used.
I don't know if the patch works with a PSK because I mainly use certificates.

> messages. I found a site saying that any keys over 1024 bits will not
> work. Is this still true in 2.4.0? If so, there really ought to be a

I'm not sure if Windows clients support anything over 2048 bits
(or 1024 bits, for that matter). The NSA probably won't allow it :-).

Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
Mosquitos suck
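
A diagnostic sketch for the pluto error quoted in this message, added here as an example; it is not part of the original post and is not Openswan code. It assumes the rejected selector reads as our_client===our_host:proto/port...peer_host[id]:proto/port, and the function names and result labels are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the pluto line quoted in the message, joined onto one line.
SAMPLE = ('Dec 13 15:41:29 localhost pluto[25673]: "L2TP-PSK"[2] 69.237.215.125 #1: '
          'cannot respond to IPsec SA request because no connection is known for '
          '70.132.67.128/32===192.168.0.11:17/1701...69.237.215.125[@echoes]:17/%any')

# Assumed layout:
#   [our_client===]our_host[id]:proto/port...peer_host[id]:proto/port[===peer_client]
SELECTOR = re.compile(
    r'no connection is known for\s+'
    r'(?:(?P<our_client>[0-9.]+/\d+)===)?'
    r'(?P<our_host>[0-9.]+)(?:\[(?P<our_id>[^\]]*)\])?'
    r':(?P<our_proto>\d+)/(?P<our_port>[%\w]+)'
    r'\.\.\.'
    r'(?P<peer_host>[0-9.]+)(?:\[(?P<peer_id>[^\]]*)\])?'
    r':(?P<peer_proto>\d+)/(?P<peer_port>[%\w]+)'
    r'(?:===(?P<peer_client>[0-9.]+/\d+))?')


def parse_rejected_selector(line):
    """Return the fields of the rejected IPsec SA selector, or None."""
    m = SELECTOR.search(line)
    return m.groupdict() if m else None


def diagnose(line):
    """Classify the rejection (hypothetical labels, for triage only)."""
    sel = parse_rejected_selector(line)
    if sel is None:
        return 'no-match'
    if sel['our_client'] is None:
        return 'host-to-host'
    host = ipaddress.ip_address(sel['our_host'])
    client = ipaddress.ip_network(sel['our_client'], strict=False)
    single_host = client.prefixlen == client.max_prefixlen
    # The peer asked for one public address "behind" our private address:
    # the signature of a server sitting behind NAT in transport mode.
    if (single_host and client.network_address != host
            and host.is_private and not client.is_private):
        return 'server-behind-nat'
    return 'subnet-mismatch'


if __name__ == '__main__':
    print(diagnose(SAMPLE), parse_rejected_selector(SAMPLE))
```
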