[Openswan Users] cannot respond to IPsec SA request because no connection is known for 172.16.77.0/24===192.168.21.153...192.168.21.132===172.16.77.0/24
John Joseph
jjk_saji at yahoo.com
Mon May 12 05:29:54 EDT 2008
Hi,
I am trying to configure IPsec (without L2TPD) using PSK.
I have my testing GW (Linux) with interface eth0 = 192.168.21.153/24 (external interface) and eth1 = 172.168.77.128/24 (internal interface).
I have my road-warrior machine (Linux) at 192.168.21.132.
I want my road warrior to get connected to the VPN GW (internal network 1 using ipsec and then get connected to the internal network (172.168.77.0/24)
I made the necessary changes to ipsec.conf on both the GW and the road warrior. When I start to make the connection, I get a message showing that
STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536}
May 12 13:10:26 VPN-LEFT pluto[29835]: "road"[1] 192.168.21.132 #1: cannot respond to IPsec SA request because no connection is known for 172.16.77.0/24===192.168.21.153...192.168.21.132===172.16.77.0/24
May 12 13:10:26 VPN-LEFT pluto[29835]: "road"[1] 192.168.21.132 #1: sending encrypted notification INVALID_ID_INFORMATION to 192.168.21.132:500
May 12 13:10:36 VPN-LEFT pluto[29835]: "road"[1] 192.168.21.132 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5c595c6d (perhaps this is a duplicated packet)
May 12 13:10:36 VPN-LEFT pluto[29835]: "road"[1] 192.168.21.132 #1: sending encrypted notification INVALID_MESSAGE_ID to 192.168.21.132:500
May 12 13:10:56 VPN-LEFT pluto[29835]: "road"[1] 192.168.21.132 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x5c595c6d (perhaps this is a duplicated packet)
######################
my GW ipsec.conf file is as
##########
version 2.0
config setup
    interfaces=%defaultroute
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
conn %default
    keyingtries=1
    compress=yes
    disablearrivalcheck=no
    authby=secret
conn road
    left=192.168.21.153          # Gateway's information
    leftsubnet=172.16.77.0/24    #
    rightnexthop=%defaultroute   # correct in many situations
    right=%any                   # Wildcard: we don't know the laptop's IP
    auto=add
***********************************************************************
My road warrior ipsec.conf is
******
config setup
    interfaces=%defaultroute
    nat_traversal=yes
conn %default
    keyingtries=1
    compress=yes
    authby=secret
conn road
    #left=%defaultroute          # Picks up our dynamic IP
    left=192.168.21.132
    leftsourceip=172.16.77.130
    leftsubnet=172.16.77.0/24
    right=192.168.21.153         # Remote information
    auto=add
*****************************************
Guidance requested
Thanks
Joseph John
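
Added example, not part of the original post: a small checker that takes the "no connection is known for" log line above and compares each traffic selector in it with what the gateway's "conn road" accepts. It assumes a simplified model of the matching (an omitted subnet means host/32, right=%any matches any peer address, no vhost:/virtual_private handling); the function names are hypothetical.

```python
import ipaddress

# Constructed inputs: the gateway's "conn road" keys and the pluto log line,
# both copied from the post above.
GATEWAY_CONN = {"left": "192.168.21.153", "leftsubnet": "172.16.77.0/24",
                "right": "%any"}
LOG_LINE = ('"road"[1] 192.168.21.132 #1: cannot respond to IPsec SA request '
            'because no connection is known for '
            '172.16.77.0/24===192.168.21.153...192.168.21.132===172.16.77.0/24')

def parse_request(line):
    """Split pluto's 'client===host...host===client' tuple into four selectors.
    A side printed without '===' has no client subnet, i.e. host/32."""
    our, peer = line.rsplit(" for ", 1)[1].strip().split("...")
    our_client, _, our_host = our.rpartition("===")
    peer_host, _, peer_client = peer.partition("===")
    return {"our_client": ipaddress.ip_network(our_client or our_host + "/32"),
            "our_host": our_host,
            "peer_host": peer_host,
            "peer_client": ipaddress.ip_network(peer_client or peer_host + "/32")}

def expected_selectors(conn, peer_host):
    """Selectors the gateway conn accepts under the simplified model."""
    right = peer_host if conn["right"] == "%any" else conn["right"]
    return {"our_client": ipaddress.ip_network(
                conn.get("leftsubnet", conn["left"] + "/32")),
            "our_host": conn["left"],
            "peer_host": right,
            "peer_client": ipaddress.ip_network(
                conn.get("rightsubnet", right + "/32"))}

def mismatches(conn, line):
    """Return {field: (proposed, configured)} for every selector that differs."""
    req = parse_request(line)
    want = expected_selectors(conn, req["peer_host"])
    return {k: (str(req[k]), str(want[k])) for k in req if req[k] != want[k]}

if __name__ == "__main__":
    for field, (got, want) in mismatches(GATEWAY_CONN, LOG_LINE).items():
        print(f"{field}: peer proposed {got}, conn accepts {want}")
```

With the posted gateway configuration the only differing field is the peer's client subnet: the request carries 172.16.77.0/24 behind 192.168.21.132, while "conn road" on the gateway defines no rightsubnet.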