[Openswan Users] Strange IPSEC issue
Paul Wouters
paul at xelerance.com
Tue Sep 5 16:21:52 EDT 2006
On Tue, 5 Sep 2006, Jeremy Mann wrote:
> Sep 5 13:52:24 openswan pluto[2130]: "lohc-all-ATT" #14201: cannot
> respond to IPsec SA request because no connection is known for
> 0.0.0.0/0===xx.xxx.xx.76...xx.xxx.xxx.130
> Those are the logs verbatim above...
>
> when ipsec is reset, I'll get a successful tunnel established for
> 192.168.8.0/24, it's after that tunnel establishes I get the above logs
> over and over again. If I do an ipsec auto --status, I'll see at the
> top a successful tunnel, followed by upwards of 100+ invalid tunnels
> related to the logs above.
Can you show the successful connection's logs to see what is different?
My guess is that initiating a connection works, but responding does not.
This could be because of pfs=no. Is that really necessary?
Paul
> Paul Wouters wrote:
> > On Tue, 5 Sep 2006, Jeremy Mann wrote:
> >
> >
> >> I have a strange problem connecting a sonicwall to my openvpn server.
> >> If I specify subnets directly it works, however if I set the sonicwall
> >> to send all traffic through the tunnel (0.0.0.0/0) to openswan, I get the
> >> following error over and over and over and over again.
> >>
> >> Sep 5 18:56:02 openswan pluto[5526]: "lohc-all-ATT" #387:
> >> STATE_MAIN_R3: sent MR3, ISAKMP SA established
> >> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
> >> group=modp1024}
> >> Sep 5 18:56:02 openswan pluto[5526]: "lohc-all-ATT" #387: cannot
> >> respond to IPsec SA request because no connection is known for
> >> 0.0.0.0/0===openswan-box...remote-site
> >>
> >
> > You should avoid editing log messages to hide IP information. If it really
> > said the above, it looks like it is missing the 192.168.8.0/24 in its
> > proposal to openswan, e.g. you have configured openswan for 0.0.0.0/0 - 192.168.8.0/24
> > but the sonicwall is asking for 0.0.0.0/0 - ItsIPonly
> >
> > Paul
> >
>
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
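
The selector comparison discussed in this thread, as an added example that is not part of the original messages or of Openswan: it parses a pluto "no connection is known for" line and reports which side of the proposal differs from the configured subnets. The addresses are constructed documentation addresses, `CONFIGURED` is an assumption taken from the reply's description, and the parser only handles the simple `client===host...host===client` form seen in the quoted logs.

```python
import ipaddress
import re

# Constructed sample line (documentation addresses), modelled on the quoted pluto message.
SAMPLE_LOG = (
    'Sep  5 13:52:24 gw pluto[2130]: "lohc-all-ATT" #14201: cannot respond to '
    'IPsec SA request because no connection is known for '
    '0.0.0.0/0===198.51.100.76...203.0.113.130'
)
# Assumed configuration, per the reply: 0.0.0.0/0 locally, 192.168.8.0/24 behind the peer.
CONFIGURED = {"local": "0.0.0.0/0", "remote": "192.168.8.0/24"}

REJECT = re.compile(
    r'"(?P<conn>[^"]+)" #\d+: cannot respond to IPsec SA request because '
    r'no connection is known for (?P<sel>\S+)'
)

def _side(text, host_first):
    """Split one end ('client===host' or 'host===client') into (host, client net)."""
    parts = text.split("===")
    host = (parts[0] if host_first else parts[-1]).split("[")[0]  # drop optional [id]
    if len(parts) == 2:
        client = parts[1] if host_first else parts[0]
    else:
        client = host + "/32"  # no client subnet listed: the host itself
    return host, ipaddress.ip_network(client, strict=False)

def parse_rejection(line):
    """Return the proposed selectors from a rejection line, or None if it is not one."""
    m = REJECT.search(line)
    if not m:
        return None
    local, remote = m.group("sel").split("...", 1)
    lhost, lnet = _side(local, host_first=False)
    rhost, rnet = _side(remote, host_first=True)
    return {"conn": m.group("conn"), "local": lnet, "remote": rnet,
            "local_host": lhost, "remote_host": rhost}

def mismatches(proposal, configured):
    """List the sides whose proposed client network differs from the configured one."""
    out = []
    for side in ("local", "remote"):
        want = ipaddress.ip_network(configured[side])
        if proposal[side] != want:
            out.append(f"{side}: peer proposed {proposal[side]}, configured {want}")
    return out

if __name__ == "__main__":
    print("\n".join(mismatches(parse_rejection(SAMPLE_LOG), CONFIGURED)))
```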