[Openswan Users] No suitable connection for peer

Oliver Tomkins oliver.tomkins at alliedvehicles.co.uk
Mon Sep 26 14:47:09 CEST 2005


Hi guys,

I've recently installed a new box with Fedora Core 4 (2.6.12) as my 
previous install (Red Hat 7.3) didn't seem to be forwarding the L2TP 
packets after the SA established.

I've installed 2.4.0 and copied over the certs and config files.  When I 
try and connect I see the following in the logs.

Sep 23 10:26:52 mini pluto[2697]: "vpn2"[1] XXX.XXX.XXX.XXX #1: no suitable connection for peer 'C=GB, L=City, O=Organisation, OU=Information Technology Dept, CN=name.domain.co.uk, E=email at domain.co.uk'
Sep 23 10:26:52 mini pluto[2697]: | complete state transition with (null)
Sep 23 10:26:52 mini pluto[2697]: "vpn2"[1] XXX.XXX.XXX.XXX #1: sending encrypted notification INVALID_ID_INFORMATION to XXX.XXX.XXX.XXX:500

ipsec.conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
         # Debug-logging controls:  "none" for (almost) none, "all" for lots.
         # klipsdebug=none
         # plutodebug="control parsing"
         #klipsdebug=all
         plutodebug=all
         uniqueids=no

# Add connections here

conn vpn
                 type=tunnel
                 pfs=no
                 compress=yes
                 auto=add
                 left=%defaultroute
                 leftrsasigkey=%cert
                 leftcert=ipsec.domain.co.uk.pem
                 leftprotoport=17/1701
                 right=%any
                 rightid="C=GB,L=City,O=Company,OU=Information Technology Dept,CN=rw-name.domain.co.uk,E=email at domain.co.uk"
                 rightrsasigkey=%cert
                 rightprotoport=17/1701
                 rightca=%same

conn vpn2
                 type=tunnel
                 pfs=no
                 compress=yes
                 auto=add
                 left=%defaultroute
                 leftrsasigkey=%cert
                 leftcert=ipsec.domain.co.uk.pem
                 leftprotoport=17/1701
                 right=%any
                 rightid="C=GB,L=City,O=Company,OU=Information Technology Dept,CN=rw2-name.domain.co.uk,E=email at domain.co.uk"
                 rightrsasigkey=%cert
                 rightprotoport=17/1701
                 rightca=%same

Thanks,

Olly.




