[Openswan Users] cannot respond to IPsec SA request because no connection is known
Paul Wouters
paul at xelerance.com
Sun Dec 16 15:45:29 EST 2007
On Fri, 14 Dec 2007, Yip wrote:
> Env:
> 203.194.231.42 (redhat) <---> 203.166.672.230 (ciscovpn) --- 10.30.20.0/24
>
> /etc/ipsec.conf
> conn hosttohost
> left=203.194.231.42
> leftsubnet=203.194.231.42/32
> right=203.166.672.23
> rightsubnet=10.30.20.0/24
> type=tunnel
> auto=add
> auth=esp
> pfs=no
> authby=secret
> ikelifetime=8h
> esp=3des-md5-168
>
>
> Problem:
> VPN established
> But unable to ping 10.30.20.x
Your VPN does not establish if you see:
> Dec 14 20:57:55 cpweb pluto[22475]: "hosttohost" #4: cannot respond to IPsec
> SA request because no connection is known for
> 203.194.231.43/32===203.194.231.42...203.166.672.230===10.30.20.0/24
My best guess, without seeing the logs from startup to failure, is that
you don't have NAT traversal enabled. See the nat_traversal and virtual_private
options in the ipsec.conf man page.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
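An added example, not part of the original message and not Openswan code: a small Python check that parses the "no connection is known for" line and compares its four selectors against the conn section quoted above. It assumes the log uses the `ournet===ourhost...peerhost===peernet` form shown in the message and that the local end is `left`; the function names are hypothetical.

```python
import re

# Constructed sample input: the conn options and the log line quoted in the message above.
IPSEC_CONF = """\
conn hosttohost
    left=203.194.231.42
    leftsubnet=203.194.231.42/32
    right=203.166.672.23
    rightsubnet=10.30.20.0/24
"""
LOG_LINE = ('Dec 14 20:57:55 cpweb pluto[22475]: "hosttohost" #4: cannot respond to IPsec '
            'SA request because no connection is known for '
            '203.194.231.43/32===203.194.231.42...203.166.672.230===10.30.20.0/24')

REJECT_RE = re.compile(r"no connection is known for\s+(?P<our_net>\S+?)==="
                       r"(?P<our_host>\S+?)\.\.\.(?P<peer_host>\S+?)===(?P<peer_net>\S+)")

def parse_conn(conf_text, name):
    """Return the key=value options of one conn section as a dict."""
    opts, active = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():  # section header: "conn X" or "config setup"
            active = line.split() == ["conn", name]
        elif active and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def selector_mismatches(conn, log_line, local="left"):
    """Map each differing selector to (configured, requested); None if no reject line."""
    m = REJECT_RE.search(log_line)
    if m is None:
        return None
    remote = "right" if local == "left" else "left"
    # An omitted subnet defaults to the host itself (/32). Values are compared as
    # plain strings so the addresses quoted in the message are used verbatim.
    expected = {
        "our_net": conn.get(local + "subnet", conn.get(local, "") + "/32"),
        "our_host": conn.get(local, ""),
        "peer_host": conn.get(remote, ""),
        "peer_net": conn.get(remote + "subnet", conn.get(remote, "") + "/32"),
    }
    return {k: (expected[k], m.group(k)) for k in expected if expected[k] != m.group(k)}

if __name__ == "__main__":
    print(selector_mismatches(parse_conn(IPSEC_CONF, "hosttohost"), LOG_LINE))
```

Any selector it reports is a place where the peer's Quick Mode request and the loaded conn disagree, which is what the error message means.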