[Openswan Users] cannot respond to IPsec SA request because no connection is known

Yip cyyip at cherrypicks.com
Sun Dec 16 23:53:01 EST 2007


Hi, Paul,


Thank you so much for your advice.
The problem is found. It is because of the virtual IP on the host.
When I stop the VIP on the host and restart the ipsec service, it can 
ping the opposite site.

Now I'm studying how to use a VIP and Openswan at the same time.
Do you have any suggestions?

Thanks again.

Yip



Paul Wouters wrote:
> On Fri, 14 Dec 2007, Yip wrote:
>
>   
>> Env:
>> 203.194.231.42 (redhat)  <---> 203.166.672.230 (ciscovpn) --- 10.30.20.0/24
>>
>> /etc/ipsec.conf
>> conn hosttohost
>>        left=203.194.231.42
>>        leftsubnet=203.194.231.42/32
>>        right=203.166.672.23
>>        rightsubnet=10.30.20.0/24
>>        type=tunnel
>>        auto=add
>>        auth=esp
>>        pfs=no
>>        authby=secret
>>        ikelifetime=8h
>>        esp=3des-md5-168
>>
>>
>> Problem:
>> VPN established
>> But unable to ping 10.30.20.x
>>     
>
> Your VPN does not establish if you see:
>
>   
>> Dec 14 20:57:55 cpweb pluto[22475]: "hosttohost" #4: cannot respond to IPsec
>> SA request because no connection is known for
>> 203.194.231.43/32===203.194.231.42...203.166.672.230===10.30.20.0/24
>>     
>
> My best guess, without seeing the logs from startup to failure, is that
> you don't have NAT traversal enabled. See the nat_traversal and virtual_private
> options in the ipsec.conf man page.
>
> Paul
>   


