[Openswan Users] decyphering "cannot respond to IPsec SA request"
Christian Brechbühler
brechbuehler at gmail.com
Wed Feb 15 15:26:04 CET 2006
plutodebug=all seems to turn on controlmore, but I don't get the expected output
Windows XP roadwarrior tries connecting to openswan 2.4.4, which
consistently logs
> Feb 15 14:07:29 [pluto] "home-l2tp-newwin"[1] 42.61.74.263 #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp2048}
> Feb 15 14:07:29 [pluto] "home-l2tp-newwin"[1] 42.61.74.263 #3: cannot respond to IPsec SA request because no connection is known for 66.92.59.63[C=US, ST=Massachusetts, L=Boston, O=EventMonitor, Inc., CN=lea-vpn, E=brechbuehler at gmail.com]:17/1701...42.61.74.263[@IBM-A242175E87C]:17/1701
authby=secret
The message "cannot respond to IPsec SA request..." is emitted in
function quick_inI1_outR1_authtail (in ikev1_quick.c) if
find_client_connection returns null. That function (in connections.c)
looks like it should show step by step what's going on, first, e.g.,
"find_client_connection starting with %s". But I don't see any output
like that in my log file.
Is there a way to turn on more debug output? Or to determine WHY
pluto thinks that no connection exists?
Thanks
Christian
More information about the Users
mailing list