[Openswan Users] R: Ipsec/l2tp server behind nat, again

Paul Wouters paul at xelerance.com
Thu Sep 25 00:06:32 EDT 2008

On Wed, 24 Sep 2008, Lux wrote:

> virtual_private=%v4:,%v4:,%v4:,%v4:!192
> .168.0.0/24

> "roadwarrior-l2tp"[2] #1: cannot respond to IPsec SA request
> because no connection is known for
> uxnb.iotti.biz,+S=C]:17/%any===

Is the NAT'ed IP of the client? If so, that range needs to
be in the virtual_private= range, which it is not in.

> I don't know if this can be related to the problem, but I found that if I
> add controlmore to plutodebug=, pluto dies with this in the log:
> pluto[16835]: | ******parse ISAKMP Oakley attribute:
> pluto[16835]: |    af+type: OAKLEY_LIFE_DURATION (variable length)
> pluto[16835]: |    length/value: 4

Can you add dumpdir=/tmp and then run with controlmore, and run gdb on
the core in /tmp to see what the crasher is?


More information about the Users mailing list