[Openswan Users] cannot respond to IPsec SA request because no connection is known for 134.159.111.98

Sebastian McDonagh openswan at agbnielsen.com.au
Tue Jan 29 18:28:18 EST 2008


OK, have added the exclusion of the internal subnets, thanks for that.

You are correct, I was just testing the connection from an internal machine.
Will see if I can set up an external machine to connect.

Predominantly VPN clients will be WinXP Service Pack 2 or Win2k3 Server,
aside from 2 Slackware boxes.

Thanks for your time, Jacco, in helping me understand where I am going wrong.

Seb

On Wed, 30 Jan 2008 10:07:02 am Jacco de Leeuw wrote:
> Sebastian McDonagh wrote:
> > One thing to note though is when I try to connect through a Windows XP
> > client, L2TP not NATed, I get the same error message.
>
> You are connecting to the server on 192.168.1.254, but left=%defaultroute
> is at 134.159.111.98. So Openswan ignores this.
>
> I suppose if you use:
>
> conn roadwarrior-l2tp-updatedwin
>    left=192.168.1.254
>
> it should work, but 192.168.1.0/24 is an internal network, presumably.
> So you probably do want to use left=%defaultroute, but then you need to
> connect with a client from an external location.
>
> You might also need to exclude all your internal subnets in
> virtual_private=. I would also suggest removing 'conn roadwarrior-l2tp' and
> tell people to install the Windows 2000/XP NAT-T update, XP SP2 or Vista.
>
> Jacco



-- 
Sebastian McDonagh
Senior LAN Administrator
AGB Nielsen Media Research
Australia
ph: +61 2 9490 6500
f: +61 2 9490 6599
m: +61 401 991 595
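
An added example, not part of the original thread: a small check that the internal subnets are carved out of `virtual_private=`, so that `%priv` does not accept a NATed client address that collides with the server-side LAN. The sample `ipsec.conf` text is constructed; only `192.168.1.0/24`, `left=%defaultroute` and the conn name come from the messages above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample, not the poster's real file.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

conn roadwarrior-l2tp-updatedwin
    left=%defaultroute
    right=%any
    rightsubnet=vhost:%no,%priv
"""

def parse_virtual_private(conf_text):
    """Return (allowed, excluded) lists of IPv4 networks from virtual_private=."""
    allowed, excluded = [], []
    m = re.search(r"^\s*virtual_private\s*=\s*(\S+)", conf_text, re.MULTILINE)
    if not m:
        return allowed, excluded
    for entry in m.group(1).split(","):
        if not entry.startswith("%v4:"):
            continue  # %v6: entries are out of scope for this check
        spec = entry[len("%v4:"):]
        # A leading "!" marks a range that is excluded from the allowed set.
        target = excluded if spec.startswith("!") else allowed
        target.append(ipaddress.ip_network(spec.lstrip("!"), strict=False))
    return allowed, excluded

def unexcluded_internal(conf_text, internal_subnets):
    """Internal subnets that %priv would still accept as a client's address."""
    allowed, excluded = parse_virtual_private(conf_text)
    problems = []
    for cidr in internal_subnets:
        net = ipaddress.ip_network(cidr)
        accepted = any(net.overlaps(a) for a in allowed)
        carved_out = any(net.subnet_of(e) for e in excluded)
        if accepted and not carved_out:
            problems.append(cidr)
    return problems

if __name__ == "__main__":
    print(unexcluded_internal(SAMPLE_CONF, ["192.168.1.0/24"]))
```
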

