[Openswan Users] cannot respond to IPsec SA request because no connection is known for

Sebastian McDonagh openswan at agbnielsen.com.au
Tue Jan 29 18:28:18 EST 2008

Ok have added the exclusion of the internal subnets, thanks for that.

You are correct i was just testing the connection from an internal machine.  
Will see if i can set up an external machine to connect.

Predominantly vpn clients will be  Winxp service pack 2 or Win2k3 server, 
Aside from 2 Slackware boxes, 

Thanks for your time Jacco in helping me understand where i am going wrong.


On Wed, 30 Jan 2008 10:07:02 am Jacco de Leeuw wrote:
> Sebastian McDonagh wrote:
> > One thing to note though is when i try to connect through a windows xp
> > client l2tp not natted i get the same error message.
> You are connecting to the server on, but left=%defaultroute
> is at So Openswan ignores this.
> I suppose if you use:
> conn roadwarrior-l2tp-updatedwin
>    left=
> it should work, but is an internal network, presumably.
> So you probably do want to use left=%defaultroute, but then you need to
> connect with a client from an external location.
> You might also need to exclude all your internal subnets in
> virtual_private=. I would also suggest removing 'conn roadwarrior-l2tp' and
> tell people to install the Windows 2000/XP NAT-T update, XP SP2 or Vista.
> Jacco

Sebastian McDonagh
Senior LAN Administrator
AGB Nielsen Media Research
ph: +61 2 9490 6500
f: +61 2 9490 6599
m: +61 401 991 595

More information about the Users mailing list