[Openswan Users] Strange problem
Christophe Ngo
cngovanduc at gmail.com
Tue Feb 7 21:11:52 CET 2006
Of course:
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.15.2.2 2005/11/14 20:10:27 paul Exp $
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# plutodebug / klipsdebug = "all", "none" or a combation from below:
# "raw crypt parsing emitting control klips pfkey natt x509 private"
# eg:
# plutodebug="control parsing"
#
# Only enable klipsdebug=all if you are a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
# plutodebug="all"
conn L2TP-PSK
#
authby=secret
pfs=no
rekey=no
keyingtries=3
left=%defaultroute
leftprotoport=17/%any
right=%any
rightprotoport=17/%any
auto=add
#Disable Opportunistic Encryption
include /etc/ipsec.d/examples/no_oe.conf
In ipsec.secrets I have:
x.x.x.x %any: PSK "***********"
: RSA {
....
}
On 2/7/06 8:18 PM, "Paul Wouters" <paul at xelerance.com> wrote:
> On Tue, 7 Feb 2006, Christophe Ngo wrote:
>
>> I have this:
>> virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%4:172.16.0.0/12
>
> Can you show the entire ispec.conf?
>
> Paul
>
>>
>> On 2/7/06 2:55 PM, "Paul Wouters" <paul at xelerance.com> wrote:
>>
>>> On Tue, 7 Feb 2006, Christophe Ngo wrote:
>>>
>>>> I've been doing some tests and on some winxp and on my MacOS X 10.4.3 I
>>>> have this error message showing up in the log:
>>>> cannot respond to IPsec SA request because no connection is known for
>>>> x.x.x.x:17/1701...y.y.y.y[10.0.0.3]:17/%any===10.0.0.3/32
>>>>
>>>> I have put
>>>> left=%defaultroute
>>>> leftprotoport=17/1701.
>>>> right=%any
>>>> rightprotoport=17/%any
>>>>
>>>> I have also tried with leftprotoport=17/%any without success
>>>>
>>>> I am using Openswan Version 2.4.5rc4 X.509-1.5.4
>>>
>>> Do you have 10.0.0.0/24 in virtual_private on the server side?
>>>
>>> Paul
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>>
More information about the Users
mailing list