[Openswan Users] cannot respond to IPsec SA request because no connection is known for 172.16.77.0/24===192.168.21.153...192.168.21.132===172.16.77.0/24
Jean-Michel Caricand
jean-michel.caricand at lifc.univ-fcomte.fr
Mon May 12 09:06:07 EDT 2008
> Hi
> I am trying to configure ipsec (without L2TPD)
> using psk
> I have my testing GW (Linux) interface eth0 =
> 192.168.21.153/24 (external interface ) and eth1 =
> 172.168.77.128/24 (internal interface )
>
> I have my road-warrior machine (Linux)192.168.21.132
>
> I want my road warrior to get connected to the VPN GW
> (internal network 1 using ipsec and then get connected
> to the internal network (172.168.77.0/24)
>
>
> I did necessary changes to the ipsec.conf both GW and
> roadwarrior , when I start to make the connection , I
> get message showing that
>
> STATE_MAIN_R3: sent MR3, ISAKMP SA established
> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
> prf=oakley_md5 group=modp1536}
> May 12 13:10:26 VPN-LEFT pluto[29835]: "road"[1]
> 192.168.21.132 #1: cannot respond to IPsec SA request
> because no connection is known for
> 172.16.77.0/24===192.168.21.153...192.168.21.132===172.16.77.0/24
> May 12 13:10:26 VPN-LEFT pluto[29835]: "road"[1]
> 192.168.21.132 #1: sending encrypted notification
> INVALID_ID_INFORMATION to 192.168.21.132:500
> May 12 13:10:36 VPN-LEFT pluto[29835]: "road"[1]
> 192.168.21.132 #1: Quick Mode I1 message is
> unacceptable because it uses a previously used Message
> ID 0x5c595c6d (perhaps this is a duplicated packet)
> May 12 13:10:36 VPN-LEFT pluto[29835]: "road"[1]
> 192.168.21.132 #1: sending encrypted notification
> INVALID_MESSAGE_ID to 192.168.21.132:500
> May 12 13:10:56 VPN-LEFT pluto[29835]: "road"[1]
> 192.168.21.132 #1: Quick Mode I1 message is
> unacceptable because it uses a previously used Message
> ID 0x5c595c6d (perhaps this is a duplicated packet)
>
>
>
>
> ######################
> my GW ipsec.conf file is as
>
> ##########
> version 2.0
>
> config setup
> interfaces=%defaultroute
> nat_traversal=yes
>
> virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
> conn %default
> keyingtries=1
> compress=yes
> disablearrivalcheck=no
> authby=secret
>
>
>
> conn road
> left=192.168.21.153 # Gateway's information
> leftsubnet=172.16.77.0/24 #
> rightnexthop=%defaultroute # correct in many situations
> right=%any # Wildcard: we don't know the laptop's IP
> auto=add
>
>
> ***********************************************************************
>
> My road warrior ipsec.conf is
> ******
> config setup
> interfaces=%defaultroute
> nat_traversal=yes
>
> conn %default
> keyingtries=1
> compress=yes
> authby=secret
>
>
>
> conn road
> #left=%defaultroute # Picks up our dynamic IP
> left=192.168.21.132
> leftsourceip=172.16.77.130
> leftsubnet=172.16.77.0/24
> right=192.168.21.153 # Remote information
> auto=add
>
>
>
>
>
> *****************************************
> Guidance requested
> Thanks
> Joseph John
Hi,
In your connection definitions, you must add your PSK with the leftrsasignkey
and rightrsasignkey options.
- Jean-Michel
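
Added example (not part of either message and not Openswan code): a Python check that parses the `no connection is known for` message from the gateway log quoted above and compares the proposed selectors with the gateway's `conn road`. It assumes the plain `client===host...host===client` form seen in this thread and that an omitted `leftsubnet`/`rightsubnet` means the host alone (/32); the function names are hypothetical.

```python
import ipaddress
import re

# Constructed from the thread: the gateway's log message and its "conn road".
LOG_LINE = ('cannot respond to IPsec SA request because no connection is known '
            'for 172.16.77.0/24===192.168.21.153...192.168.21.132===172.16.77.0/24')
GATEWAY_CONN = """
conn road
    left=192.168.21.153   # Gateway's information
    leftsubnet=172.16.77.0/24
    rightnexthop=%defaultroute
    right=%any            # Wildcard: we don't know the laptop's IP
    auto=add
"""

def parse_proposal(line):
    """Return (our_client, our_host, peer_host, peer_client) from pluto's message."""
    spec = re.search(r'known for (\S+)', line).group(1)
    ours, peer = spec.split('...')
    our_client, _, our_host = ours.rpartition('===')
    peer_host, _, peer_client = peer.partition('===')
    # A side without "===" carries no subnet: the host itself is the client.
    net = ipaddress.ip_network
    return net(our_client or our_host), our_host, peer_host, net(peer_client or peer_host)

def parse_conn(text):
    """Collect key=value options of one conn section, dropping '#' comments."""
    opts = {}
    for raw in text.splitlines():
        key, sep, value = raw.split('#', 1)[0].partition('=')
        if sep:
            opts[key.strip()] = value.strip()
    return opts

def mismatches(line, conn_text):
    """List the parts of the proposal that the conn definition does not cover."""
    our_client, our_host, peer_host, peer_client = parse_proposal(line)
    o = parse_conn(conn_text)
    right_host = peer_host if o['right'] == '%any' else o['right']
    # Assumption: an omitted subnet means "the host only" (host/32).
    want_left = ipaddress.ip_network(o.get('leftsubnet', o['left']))
    want_right = ipaddress.ip_network(o.get('rightsubnet', right_host))
    checks = [('our host', our_host, o['left']), ('peer host', peer_host, right_host),
              ('our client', our_client, want_left), ('peer client', peer_client, want_right)]
    return [f'{name}: proposed {got}, conn expects {want}'
            for name, got, want in checks if got != want]

if __name__ == '__main__':
    print(mismatches(LOG_LINE, GATEWAY_CONN) or 'proposal matches conn')
```

Run against the values from this thread, it reports a single difference, on the peer's client subnet.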