[Openswan Users] decyphering "cannot respond to IPsec SA request"

Jacco de Leeuw jacco2 at dds.nl
Wed Feb 15 22:42:26 CET 2006


Christian Brechbühler wrote:

> plutodebug=all seems to [...]
> function quick_inI1_outR1_authtail (in ikev1_quick.c) if
> find_client_connection returns null.  That function (in connections.c)
> Is there a way to turn on more debug output? 

Don't use plutodebug=all. You shouldn't have to look in the source
code. It's likely to be a configuration error, not a bug.

> no connection is known for 66.92.59.63[C=US, ST=Massachusetts, L=Boston,
> O=EventMonitor, Inc., CN=lea-vpn, E=brechbuehler at gmail.com]:17/1701...
> 42.61.74.263[@IBM-A242175E87C]:17/1701
> 
> authby=secret

Are you sure you are using a PSK? Because this error message seems to
indicate otherwise. And is there NAT involved somewhere?

> Is there a way to turn on more debug output?  Or to determine WHY
> pluto thinks that no connection exists?

You should post your ipsec.conf.

Jacco
-- 
Jacco de Leeuw                         mailto:jacco2 at dds.nl
Zaandam, The Netherlands           http://www.jacco2.dds.nl


More information about the Users mailing list