[Openswan Users] ipsec problems...
Malcolm Amir Hussain-Gambles
malcolm at secpay.com
Thu May 26 12:12:13 CEST 2005
We are trying to get an IPSec connection from a laptop (starting with
Linux) behind a NAT device to the office network but keep getting this
error. We've been trying for ages and can't seem to crack this.

We have the certs or secrets working fine and are using openswan-2.3.1-1
on FC3 with openswan-klips-2.3.1-2.6.10_1.770 (with the correct kernel).

This is an extract of the problem...

May 26 10:59:47 ripon pluto[21064]: "roadwarrior"[2] xx.xx.xx.xx #1: sent MR3, ISAKMP SA established
May 26 10:59:47 ripon pluto[21064]: | processing connection roadwarrior[2] xx.xx.xx.xx
May 26 10:59:47 ripon pluto[21064]: "roadwarrior"[2] 86.130.241.37 #1: cannot respond to IPsec SA request because no connection is known for xx.xx.xx.xx [cert details here]===192.168.1.5/32
May 26 10:59:47 ripon pluto[21064]: "roadwarrior"[2] xx.xx.xx.xx #1: sending encrypted notification INVALID_ID_INFORMATION to xx.xx.xx.xx:50446

And the config...

version 2

config setup
    interfaces=%defaultroute
    nat_traversal=yes
    klipsdebug=all
    plutodebug=dns
    virtual_private=%v4:192.168.0.0/16,%v4:!192.168.2.0/24

conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=rsasig
    leftrsasigkey=%cert
    rightrsasigkey=%cert

conn roadwarrior
    type=tunnel
    left=%defaultroute
    leftsubnet=192.168.2.0/24
    leftcert=server.pem
    compress=yes
    right=%any
    rightsubnet=vhost:%no,%priv
    auto=add
    pfs=no

We have tried pfs with yes and no, removed the compress, and tried
removing the leftsubnet, but with no luck. Any help would be greatly
appreciated!

--
Malcolm Amir Hussain-Gambles