[Openswan Users] Strange problem

Christophe Ngo cngovanduc at gmail.com
Tue Feb 7 21:11:52 CET 2006


Of course:

# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $

# This file:  /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual:     ipsec.conf.5


version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # plutodebug / klipsdebug = "all", "none" or a combination from below:
        # "raw crypt parsing emitting control klips pfkey natt x509 private"
        # eg:
        # plutodebug="control parsing"
        #
        # Only enable klipsdebug=all if you are a developer
        #
        # NAT-TRAVERSAL support, see README.NAT-Traversal
         nat_traversal=yes
         virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
#        plutodebug="all"

conn L2TP-PSK 
        #
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3

        left=%defaultroute

        leftprotoport=17/%any

        right=%any

        rightprotoport=17/%any

        auto=add

#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf

In ipsec.secrets I have:
x.x.x.x %any: PSK "***********"
: RSA   {
    ....
    }

On 2/7/06 8:18 PM, "Paul Wouters" <paul at xelerance.com> wrote:

> On Tue, 7 Feb 2006, Christophe Ngo wrote:
> 
>> I have this:
>> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
> 
> Can you show the entire ipsec.conf?
> 
> Paul
> 
>> 
>> On 2/7/06 2:55 PM, "Paul Wouters" <paul at xelerance.com> wrote:
>> 
>>> On Tue, 7 Feb 2006, Christophe Ngo wrote:
>>> 
>>>>   I've been doing some tests and on some winxp and on my MacOS X 10.4.3 I
>>>> have this error message showing up in the log:
>>>> cannot respond to IPsec SA request because no connection is known for
>>>> x.x.x.x:17/1701...y.y.y.y[10.0.0.3]:17/%any===10.0.0.3/32
>>>> 
>>>> I have put
>>>> left=%defaultroute
>>>> leftprotoport=17/1701.
>>>> right=%any
>>>> rightprotoport=17/%any
>>>> 
>>>>  I have also tried with leftprotoport=17/%any without success
>>>> 
>>>>  I am using Openswan Version 2.4.5rc4 X.509-1.5.4
>>> 
>>> Do you have 10.0.0.0/24 in virtual_private on the server side?
>>> 
>>> Paul
>> 
>> 

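The question asked in the thread, whether the client's inner address (10.0.0.3 in the log line) is covered by the server's virtual_private setting, can be checked mechanically. The following is an added example, not part of the original messages and not Openswan code; it assumes the `%v4:`/`%v6:` entry syntax (with `!` for exclusions) documented in ipsec.conf(5), its function names are hypothetical, and it only flags entries that deviate from that syntax without claiming how pluto treats them.

```python
import ipaddress

# Constructed sample: the virtual_private value exactly as posted in this thread.
POSTED = "%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12"


def parse_virtual_private(value):
    """Split a virtual_private value into (allowed, excluded, malformed).

    Assumption: entries are comma-separated %v4:net/mask or %v6:net/mask,
    and a leading "!" on the network marks an exclusion.
    """
    allowed, excluded, malformed = [], [], []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        prefix, _, net = entry.partition(":")
        version = {"%v4": 4, "%v6": 6}.get(prefix.lower())
        negate = net.startswith("!")
        try:
            network = ipaddress.ip_network(net.lstrip("!"), strict=True)
        except ValueError:
            malformed.append(entry)      # not a valid network/mask
            continue
        if version != network.version:
            malformed.append(entry)      # unknown prefix or family mismatch
            continue
        (excluded if negate else allowed).append(network)
    return allowed, excluded, malformed


def covers(value, address):
    """True if address is in an allowed network and in no excluded one."""
    allowed, excluded, _ = parse_virtual_private(value)
    ip = ipaddress.ip_address(address)

    def inside(nets):
        return any(ip.version == n.version and ip in n for n in nets)

    return inside(allowed) and not inside(excluded)


if __name__ == "__main__":
    print("entries not in documented form:", parse_virtual_private(POSTED)[2])
    # 10.0.0.3 is the client address from the log line quoted in the thread.
    for addr in ("10.0.0.3", "172.16.5.9"):
        print(addr, "covered:", covers(POSTED, addr))
```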