[Openswan Users] Again: "no connection is known for..."
Paul Wouters
paul at xtdnet.nl
Wed Mar 23 16:01:59 CET 2005
On Wed, 23 Mar 2005, Piero Filippin wrote:
> WinXPSP2 Laptop --> Access point --> IPCop Box (blue)--> IPCop box green
>
> 192.168.1.110 192.168.1.100 192.168.0.199
> Mar 18 14:43:03 ipcop pluto[695]: "Laptop"[1] 192.168.1.110 #1: cannot respond to IPsec SA request because no connection is known for 192.168.1.100[C=UK,O=Initiative, CN=initiative.localdomain]:17/1701...192.168.1.110[C=UK,O=Initiative, CN=Piero Laptop]:17/1701
> 192.168.1.100 <-> 192.168.1.110
>
> instead of:
>
> 192.168.0.0/24===192.168.1.100 <-> 192.168.1.110
>
> nat_traversal=yes
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.0.0/255.255.255.0,%v4:!192.168.1.0/255.255.255.0
> conn Laptop
>     left=192.168.1.100
>     leftsubnet=192.168.0.0/24
>     leftcert=/var/ipcop/certs/hostcert.pem
>     right=%any
>     rightsubnet=vhost:%no,%priv
>     rightcert=/var/ipcop/certs/Laptopcert.pem
>     authby=rsasig
>     auto=add
If that is really the loaded connection, then perhaps your virtual_private is in
the way. Can you disable nat_traversal and the virtual private line and the
rightsubnet and see if that works?
Paul