[Openswan Users] VPN between two NATed computers, error: cannot IPSec SA; no connection is known

Jacco de Leeuw jacco2 at dds.nl
Wed Dec 14 11:16:59 CET 2005

Steven Schlansker wrote:

> Dec 13 15:41:29 localhost pluto[25673]: "L2TP-PSK"[2] #1: 
> cannot respond to IPsec SA request because no connection is known for 
> Nothing has worked.  After searching for workarounds for hours, there 
> appears to be a patch for exactly this. 
> (http://lists.strongswan.org/pipermail/users/2005-February/000645.html) 

I guess this is the same as Bernd Galonska's patch:

> However, the patch must be against a very different version -

Yes, there is another patch for Openswan 2.3.1-2.4.5dr on the page
linked above. As far as I can see, vanilla Openswan still does not
support servers behind NAT if transport mode (e.g., L2TP/IPsec) is used.

I don't know if the patch works with a PSK because I mainly use certificates.

> messages.  I found a site saying that any keys over 1024 bits will not 
> work.  Is this still true in 2.4.0?  If so, there really ought to be a 

I'm not sure if Windows clients support anything over 2048 bits
(or 1024 bits, for that matter). The NSA probably won't allow it :-).

Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl
                     Mosquitos suck

More information about the Users mailing list