[Openswan Users] cannot respond to IPsec SA request because no connection..

Rodrigo nobregasz at yahoo.com.br
Tue Mar 8 17:43:05 CET 2005


I know a lot of people have this problem. I saw it in
the list but I can't resolve it :/

I'm trying to set up an Openswan gw behind a NAT firewall like
this:



Remote ----------- NAT/Firewall ------------- gw vpn
x.x.x.x ---- 200.164.x.x / 192.168.0.2 ----- 192.168.0.8

I'm trying to ping 200.164.x.x from the remote system and I
get this log:

NAT is forwarding all traffic to gw vpn natting.



1: responding to Main Mode from unknown peer 200.241.203.97
Mar  7 16:52:22 vpn pluto[2044]: "roadwarrior-net"[1] 200.241.203.97 #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Mar  7 16:52:22 vpn pluto[2044]: "roadwarrior-net"[1] 200.241.203.97 #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: i am NATed
Mar  7 16:52:22 vpn pluto[2044]: "roadwarrior-net"[1] 200.241.203.97 #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Mar  7 16:52:23 vpn pluto[2044]: "roadwarrior-net"[1] 200.241.203.97 #1: Main mode peer ID is ID_DER_ASN1_DN: 'C=br, ST=paraiba, L=joao pessoa, O=sefin, OU=nsi, CN=suporte.vpn.sefin, E=rnobrega at sre.pb.gov.br'
Mar  7 16:52:23 vpn pluto[2044]: "roadwarrior-net"[2] 200.241.203.97 #1: deleting connection "roadwarrior-net" instance with peer 200.241.203.97 {isakmp=#0/ipsec=#0}
Mar  7 16:52:23 vpn pluto[2044]: "roadwarrior-net"[2] 200.241.203.97 #1: I am sending my cert
Mar  7 16:52:23 vpn pluto[2044]: "roadwarrior-net"[2] 200.241.203.97 #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Mar  7 16:52:23 vpn pluto[2044]: | NAT-T: new mapping 200.241.203.97:500/4500)
Mar  7 16:52:23 vpn pluto[2044]: "roadwarrior-net"[2] 200.241.203.97:4500 #1: sent MR3, ISAKMP SA established
Mar  7 16:52:25 vpn pluto[2044]: "roadwarrior-net"[2] 200.241.203.97:4500 #1: retransmitting in response to duplicate packet; already STATE_MAIN_R3
Mar  7 16:52:25 vpn pluto[2044]: "roadwarrior-net"[2] 200.241.203.97:4500 #1: cannot respond to IPsec SA request because no connection is known for 200.164.224.8/32===192.168.1.8:4500[C=br, ST=paraiba, L=joao pessoa, O=sefin, OU=nsi, CN=gw.vpn.sefin, E=rnobrega at sre.pb.gov.br]...200.241.203.97:4500[C=br, ST=paraiba, L=joao pessoa, O=sefin, OU=nsi, CN=suporte.vpn.sefin, E=rnobrega at sre.pb.gov.br]
Mar  7 16:52:25 vpn pluto[2044]: "roadwarrior-net"[2] 200.241.203.97:4500 #1: sending encrypted notification INVALID_ID_INFORMATION to 200.241.203.97:4500
Mar  7 16:52:25 vpn pluto[2044]: "roadwarrior-net"[2] 200.241.203.97:4500 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x0842331f (perhaps this is a duplicated packet)
Mar  7 16:52:25 vpn pluto[2044]: "roadwarrior-net"[2] 200.241.203.97:4500 #1: sending encrypted notification INVALID_MESSAGE_ID to 200.241.203.97:4500

ipsec.conf:

config setup
	interfaces=%defaultroute
	nat_traversal=yes
	overridemtu=1400
	virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

conn %default
	keyingtries=1
	compress=yes
	disablearrivalcheck=no
	authby=rsasig
	leftrsasigkey=%cert
	rightrsasigkey=%cert

conn roadwarrior-net
	leftsubnet=10.10.1.0/255.255.255.0
	also=roadwarrior

conn roadwarrior
	left=%defaultroute
	leftcert=gw.vpn.sefin.pem
	right=%any
	rightsubnet=vhost:%no,%priv
	auto=add
	pfs=yes

conn block
	auto=ignore

conn private
	auto=ignore

conn private-or-clear
	auto=ignore

conn clear-or-private
	auto=ignore

conn clear
	auto=ignore

conn packetdefault
	auto=ignore


tks for all
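
Added example, not part of the original post: a small Python check that parses the tunnel named in the "no connection is known for" line and compares its local client with the leftsubnet values in the ipsec.conf above. The function names, the assumed [client===]host[id]...host[id][===client] layout of the message, the shortened DNs in the sample line and the assumption that the requested client must equal a conn's local client are all assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the pluto line from the post, unwrapped, with each
# certificate DN shortened to its CN.
LOG_LINE = (
    '"roadwarrior-net"[2] 200.241.203.97:4500 #1: cannot respond to IPsec SA '
    "request because no connection is known for "
    "200.164.224.8/32===192.168.1.8:4500[CN=gw.vpn.sefin]..."
    "200.241.203.97:4500[CN=suporte.vpn.sefin]"
)

# leftsubnet of each conn in the posted ipsec.conf. None means the conn has no
# leftsubnet, so its local client is the gateway's own address.
CONNS = {"roadwarrior-net": "10.10.1.0/255.255.255.0", "roadwarrior": None}

# Assumed layout: [client===]host[:port][[id]]...host[:port][[id]][===client]
PAT = re.compile(
    r"no connection is known for "
    r"(?:(?P<our_net>[0-9./]+)===)?(?P<our_host>[0-9.]+)(?::\d+)?(?:\[[^\]]*\])?"
    r"\.\.\."
    r"(?P<peer_host>[0-9.]+)(?::\d+)?(?:\[[^\]]*\])?(?:===(?P<peer_net>[0-9./]+))?"
)


def requested_tunnel(line):
    """Return (our_client, our_host, peer_host, peer_client), or None."""
    m = PAT.search(line)
    if m is None:
        return None
    our_host = ipaddress.ip_address(m["our_host"])
    peer_host = ipaddress.ip_address(m["peer_host"])
    # When "client===" is absent the client is the host itself (a /32).
    our_net = ipaddress.ip_network(m["our_net"] or f"{our_host}/32")
    peer_net = ipaddress.ip_network(m["peer_net"] or f"{peer_host}/32")
    return our_net, our_host, peer_host, peer_net


def matching_conns(line, conns):
    """Names of conns whose local client equals the one the peer requested."""
    req = requested_tunnel(line)
    if req is None:
        return []
    our_net, our_host = req[0], req[1]
    return [name for name, subnet in conns.items()
            if ipaddress.ip_network(subnet or f"{our_host}/32") == our_net]


if __name__ == "__main__":
    print(requested_tunnel(LOG_LINE)[0], "->", matching_conns(LOG_LINE, CONNS) or "no conn")
```

For the line in the post, the requested local client is 200.164.224.8/32, which equals neither 10.10.1.0/24 nor the gateway's own 192.168.1.8, so no conn is returned.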
