[Openswan Users] Openswan/xl2tpd issue with nated roadwarriors

Paul Wouters paul at xelerance.com
Sat Jun 20 14:11:32 EDT 2009

On Sat, 20 Jun 2009, Sebastian Gomez Velasco wrote:

> Hi Paul, thanks for the reply.
> About bug #1004, I'm not getting this error:  "cannot respond to IPsec SA request because no connection is known for......."
> like said in https://gsoc.xelerance.com/issues/1004

That part was fixed, but the policies are still not entirely correct on openswan 2.6.x. Please use 2.4.14.

> I tried with transport mode, but I got the same messages, except in /var/log/secure, where IPSec SA changed from "tunnel" to
> "transport"

That's how it is supposed to be.

You can see the policy is wrong using "ip xfrm pol" and "ip xfrm state". You'll notice that port 1701 is no
where to be found in the policy anymore on openswan 2.6.x.


More information about the Users mailing list