[Openswan Users] cannot respond to IPsec SA request because no connection is known for 134.159.111.98
Jacco de Leeuw
jacco2 at dds.nl
Tue Jan 29 15:00:17 EST 2008
Sebastian McDonagh wrote:
> The vpn server is on a static ip, and the "roadwarrior" is behind a Billion
> adsl router.
> Jan 29 10:50:01 AUSSVFW0106 pluto[14396]: "roadwarrior"[2] 124.178.229.192 #2:
> cannot respond to IPsec SA request because no connection is known for
> 134.159.111.98[C=XX, ST=XXX, O=XXXXXX,
> CN=aussvfw0106.agbnielsen.com.au]...124.178.229.192[C=AU, ST=XXX,
> O=XXXXXXXXXXX, CN=XXXXXXXXXXXX]===10.45.0.2/32
>
> and the ipsec.conf on the client machine is as follows.
>
> conn roadwarrior
> left=134.159.111.98
> leftsubnet=134.159.111.98/32
If the client is behind NAT, then this should be the internal IP
address, e.g. left=10.45.0.2. If the client is a roadwarrior then I
suppose you should remove the leftsubnet, because you don't want the
remote network to access the client's local network.
Jacco
--
Jacco de Leeuw mailto:jacco2 at dds.nl
Zaandam, The Netherlands http://www.jacco2.dds.nl
More information about the Users
mailing list