[Openswan Users] cannot respond to IPsec SA request because no connection is known for 172.16.77.0/24===192.168.21.153...192.168.21.132===172.16.77.0/24
John Joseph
jjk_saji at yahoo.com
Wed May 14 08:06:20 EDT 2008
--- Jean-Michel Caricand
<jean-michel.caricand at lifc.univ-fcomte.fr> wrote:
>
> I think it's not a PSK problem. Can you try with
> theses files ?
>
> # GW ipsec.conf
> version 2.0
>
> config setup
> interfaces=%defaultroute
> nat_traversal=yes
>
>
virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16
>
> conn %default
> keyingtries=1
> compress=yes
> disablearrivalcheck=no
> authby=secret
>
> conn road
> left=192.168.21.153
> leftsubnet=172.16.77.0/24
> right=%any
> rightid=@road
> auto=add
>
> And perhaps :
> # GW ipsec.secrets
> 192.168.21.153 %any : PSK "the passphrase"
>
>
> # RW ipsec.conf
> config setup
> interfaces=%defaultroute
> nat_traversal=yes
>
> conn %default
> keyingtries=1
> compress=yes
> authby=secret
>
> conn road
> left=%defaultroute
> leftsubnet=172.16.77.0/24
> leftid=@road
> right=192.168.21.153
> auto=add
Hi Jean
Thanks for the mail , I did change the ipsec.conf
and ipsec.secrets (GW)
I Still the same message I am getting the same message
no connection is known for
"192.168.21.153...192.168.21.132[@road]===172.16.77.0/24"
I have added the log files .
Guidance requested
Thanks
Joseph John
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: responding to Main Mode from
unknown peer 192.168.21.132
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: transition from state STATE_MAIN_R0
to state STATE_MAIN_R1
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: STATE_MAIN_R1: sent MR1, expecting
MI2
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: transition from state STATE_MAIN_R1
to state STATE_MAIN_R2
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: STATE_MAIN_R2: sent MR2, expecting
MI3
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: Main mode peer ID is ID_FQDN:
'@road'
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: I did not send a certificate
because I do not have one.
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: transition from state STATE_MAIN_R2
to state STATE_MAIN_R3
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA
established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_md5
group=modp1536}
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: cannot respond to IPsec SA request
because no connection is known for
192.168.21.153...192.168.21.132[@road]===172.16.77.0/24
May 14 15:21:27 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: sending encrypted notification
INVALID_ID_INFORMATION to 192.168.21.132:500
May 14 15:21:37 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: Quick Mode I1 message is
unacceptable because it uses a previously used Message
ID 0xdd10bdb4 (perhaps this is a duplicated packet)
May 14 15:21:37 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: sending encrypted notification
INVALID_MESSAGE_ID to 192.168.21.132:500
May 14 15:21:57 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: Quick Mode I1 message is
unacceptable because it uses a previously used Message
ID 0xdd10bdb4 (perhaps this is a duplicated packet)
May 14 15:21:57 VPN-LEFT pluto[7590]: "road"[1]
192.168.21.132 #1: sending encrypted notification
INVALID_MESSAGE_ID to 192.168.21.132:500
>
>
> - Jean-Michel
>
>
>
__________________________________________________________
Sent from Yahoo! Mail.
A Smarter Email http://uk.docs.yahoo.com/nowyoucan.html
More information about the Users
mailing list