[Openswan Users] VPN between two NATed computers, error: cannot
IPSec SA; no connection is known
Jacco de Leeuw
jacco2 at dds.nl
Wed Dec 14 11:16:59 CET 2005
Steven Schlansker wrote:

> Dec 13 15:41:29 localhost pluto: "L2TP-PSK" 188.8.131.52 #1:
> cannot respond to IPsec SA request because no connection is known for

> Nothing has worked. After searching for workarounds for hours, there
> appears to be a patch for exactly this.

I guess this is the same as Bernd Galonska's patch:

> However, the patch must be against a very different version -

Yes, there is another patch for Openswan 2.3.1-2.4.5dr on the page
linked above. As far as I can see, vanilla Openswan still does not
support servers behind NAT if transport mode (e.g., L2TP/IPsec) is used.
I don't know if the patch works with a PSK because I mainly use certificates.

> messages. I found a site saying that any keys over 1024 bits will not
> work. Is this still true in 2.4.0? If so, there really ought to be a

I'm not sure if Windows clients support anything over 2048 bits
(or 1024 bits, for that matter). The NSA probably won't allow it :-).

Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl