[Openswan Users] ipsec problems...

Norman Rasmussen normanr at gmail.com
Thu May 26 13:13:27 CEST 2005


What version of the NAT patch does openswan report?

On 26/05/05, Malcolm Amir Hussain-Gambles <malcolm at secpay.com> wrote:
> We are trying to get an IPSec connection from a laptop (starting with
> Linux) behind a NAT device to the office network but keep getting this
> error. We've been trying for ages and can't seem to crack this.
> We have the certs or secrets working fine and are using openswan-2.3.1-1
> on FC3 with openswan-klips-2.3.1-2.6.10_1.770 (with the correct kernel).
> 
> This is an extract of the problem...
> 
> May 26 10:59:47 ripon pluto[21064]: "roadwarrior"[2] xx.xx.xx.xx #1: sent MR3, ISAKMP SA established
> 
> May 26 10:59:47 ripon pluto[21064]: | processing connection roadwarrior[2] xx.xx.xx.xx
> 
> May 26 10:59:47 ripon pluto[21064]: "roadwarrior"[2] 86.130.241.37 #1: cannot respond to IPsec SA request because no connection is known for xx.xx.xx.xx [cert details here]===192.168.1.5/32
> 
> May 26 10:59:47 ripon pluto[21064]: "roadwarrior"[2] xx.xx.xx.xx #1: sending encrypted notification INVALID_ID_INFORMATION to xx.xx.xx.xx:50446
> 
> And the config...
> version 2
> 
> config setup
>         interfaces=%defaultroute
>         nat_traversal=yes
>         klipsdebug=all
>         plutodebug=dns
>         virtual_private=%v4:192.168.0.0/16,%v4:!192.168.2.0/24
> 
> conn %default
>         keyingtries=1
>         compress=yes
>         disablearrivalcheck=no
>         authby=rsasig
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
> 
> conn roadwarrior
>         type=tunnel
>         left=%defaultroute
>         leftsubnet=192.168.2.0/24
>         leftcert=server.pem
>         compress=yes
>         right=%any
>         rightsubnet=vhost:%no,%priv
>         auto=add
>         pfs=no
> 
> We have tried pfs with yes and no, removed the compress, and tried
> removing the leftsubnet, but with no luck. Any help would be greatly
> appreciated!
> 
> - --
> 
> Malcolm Amir Hussain-Gambles


-- 
- Norman Rasmussen
 - Email: norman at rasmussen.org
 - Home page: http://norman.rasmussen.org/
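
An added example, not part of either message and not Openswan code: a small check of whether the client subnet named in the quoted "no connection is known" log entry falls inside the ranges that the quoted `virtual_private=` setting permits (entries are allowed networks, a leading `!` marks an excluded one). The function names are hypothetical; the two input strings are copied from the quoted message.

```python
import ipaddress
import re

# Values copied from the quoted message; the wrapped log entry is rejoined.
VIRTUAL_PRIVATE = "%v4:192.168.0.0/16,%v4:!192.168.2.0/24"
LOG_LINE = (
    'May 26 10:59:47 ripon pluto[21064]: "roadwarrior"[2] 86.130.241.37 #1: '
    'cannot respond to IPsec SA request because no connection is known for '
    'xx.xx.xx.xx [cert details here]===192.168.1.5/32')

def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, excluded) network lists."""
    allowed, excluded = [], []
    for item in value.split(","):
        family, _, net = item.strip().partition(":")
        if family not in ("%v4", "%v6") or not net:
            raise ValueError(f"unrecognised entry: {item!r}")
        target = excluded if net.startswith("!") else allowed
        target.append(ipaddress.ip_network(net.lstrip("!"), strict=False))
    return allowed, excluded

def proposed_client_subnet(log_line):
    """Return the IPv4 subnet after the trailing '===' of a pluto
    'no connection is known' entry, or None for any other line."""
    if "no connection is known for" not in log_line:
        return None
    m = re.search(r"===(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2})\s*$", log_line)
    return ipaddress.ip_network(m.group(1), strict=False) if m else None

def permitted(subnet, allowed, excluded):
    """True when subnet is inside an allowed net and overlaps no excluded net."""
    inside = any(subnet.subnet_of(n) for n in allowed
                 if n.version == subnet.version)
    blocked = any(subnet.overlaps(n) for n in excluded
                  if n.version == subnet.version)
    return inside and not blocked

def check(log_line, virtual_private):
    """Return (proposed subnet as text, permitted?) or None for unrelated lines."""
    subnet = proposed_client_subnet(log_line)
    if subnet is None:
        return None
    return str(subnet), permitted(subnet, *parse_virtual_private(virtual_private))

if __name__ == "__main__":
    print(check(LOG_LINE, VIRTUAL_PRIVATE))
```

A `True` result means the proposed client address is within the ranges `virtual_private` permits, so the range list itself does not exclude it.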

