[Openswan Users] cannot respond to IPsec SA request because no connection is known for

Janantha Marasinghe janantha at techcert.lk
Wed Mar 18 23:54:56 EDT 2009


Dear All,

Currently I'm trying to connect to my Openswan server.  My network setup
is given below. When I try to connect using a fully up-to-date
Windows XP SP3 system, I see the following error in the VPN server's
secure log:

Mar 19 09:06:02 mooshika pluto[18623]: "L2TP-PSK"[4] roadwarrior-routerip #2: cannot respond to IPsec SA request because no connection is known for vpn.server.ip<vpn.server.ip>[+S=C]:17/1701...roadwarrior-routerip[@computername-37a9ea,+S=C]:17/1701===172.16.0.9/32
Mar 19 09:06:02 mooshika pluto[18623]: "L2TP-PSK"[4] roadwarrior-routerip #2: sending encrypted notification INVALID_ID_INFORMATION to roadwarrior-routerip:4500
Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4] roadwarrior-routerip #2: peer client type is FQDN
Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4] roadwarrior-routerip #2: Applying workaround for MS-818043 NAT-T bug
Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4] roadwarrior-routerip #2: IDci was FQDN: \300\370\010k, using NAT_OA=172.16.0.9/32 as IDci
Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4] roadwarrior-routerip #2: the peer proposed: vpn.server.ip/32:17/1701 -> 172.16.0.9/32:17/1701
Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4] roadwarrior-routerip #2: cannot respond to IPsec SA request because no connection is known for vpn.server.ip<vpn.server.ip>[+S=C]:17/1701...roadwarrior-routerip[@computer-37a9ea,+S=C]:17/1701===172.16.0.9/32


 private network 172.16.0.0/255.255.255.240 --> ADSL Router (NAT enabled) -------- Internet -------- Openswan VPN (public IP address)

My ipsec.conf is:

# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        protostack=netkey

conn L2TP-PSK
        # Authenticate with a pre-shared key taken from /etc/ipsec.secrets
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3
        #
        # ----------------------------------------------------------
        # The VPN server.
        #
        # Address of the external network interface. Set explicitly here;
        # left=%defaultroute would also work if a default route exists.
        left=public.ip.address.of.vpn.server
        #
        # Protect only UDP/1701 (L2TP) on the server side.
        leftprotoport=17/1701
        # Non-updated Windows clients may need:  leftprotoport=17/%any
        #
        # ----------------------------------------------------------
        # The remote user(s).
        #
        # Accept connections from any source address (road warriors).
        # To restrict to one client, use:  right=client.ip.addr.ess
        right=%any
        #
        # Protect only UDP/1701 (L2TP) on the client side.
        rightprotoport=17/1701
        #
        # ----------------------------------------------------------
        # 'add' loads the connection at startup and waits for the client
        # to initiate; 'ignore' would disable it.
        auto=add

include /etc/ipsec.d/no_oe.conf

Do I have to put additional information in the ipsec.conf to include
172.16.0.0/255.255.255.240?

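As an added example (not the poster's file and not a reply from the list), below is the L2TP/IPsec road-warrior layout from Openswan's own L2TP documentation, with the two pieces the posted configuration lacks for a client behind NAT. The log shows pluto substituting the client's private address (NAT_OA=172.16.0.9/32) for the FQDN ID and then finding no connection whose far side may be a private /32 in transport mode; `rightsubnet=vhost:%priv` together with `type=transport` is what makes such a proposal match, and `nat_traversal=yes` plus `virtual_private=` tells pluto which private ranges a NAT'd client may claim. The placeholder `public.ip.address.of.vpn.server` is kept from the post; the lifetimes and the `virtual_private` ranges are assumptions to adapt to the local networks (any private subnet the server itself routes must be excluded with `%v4:!`).

```conf
# /etc/ipsec.conf  (added example, assumes Openswan 2.6 with NETKEY)

version 2.0

config setup
        protostack=netkey
        # Allow clients behind NAT (UDP/4500 encapsulation); XP behind the
        # ADSL router needs this.
        nat_traversal=yes
        # Private ranges a NAT'd client may present as its inner address.
        # The client LAN 172.16.0.0/28 from the post falls inside 172.16.0.0/12.
        # Exclude any private subnet the server itself reaches, e.g.
        # %v4:!192.168.1.0/24 (assumed values; adjust to the real networks).
        virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16

# Clients behind NAT: accept the private address learned through NAT_OA
# as the far-side selector. Everything else comes from L2TP-PSK-noNAT.
conn L2TP-PSK-NAT
        rightsubnet=vhost:%priv
        also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
        authby=secret
        pfs=no
        rekey=no
        keyingtries=3
        ikelifetime=8h
        keylife=1h
        # L2TP/IPsec runs IPsec in transport mode. Without this the default
        # is tunnel mode and the client's host/32 -> host/32 proposal for
        # UDP/1701 does not match any connection.
        type=transport
        left=public.ip.address.of.vpn.server
        leftprotoport=17/1701
        right=%any
        # 17/%any also admits Windows clients that send from a port other
        # than 1701; 17/1701 is stricter and matches the proposal in the log.
        rightprotoport=17/%any
        auto=add

include /etc/ipsec.d/no_oe.conf
```

After changing the file, restart pluto (`ipsec setup restart`) and confirm with `ipsec auto --status` that both L2TP-PSK-NAT and L2TP-PSK-noNAT are loaded; `ipsec verify` reports whether the kernel and pluto have NAT-Traversal support enabled. The pre-shared key in /etc/ipsec.secrets is unchanged by this layout. Note that `virtual_private` is a trust boundary: a client may claim any address inside the listed ranges, so a range that overlaps a network the server routes would let a road warrior impersonate a host on it, which is why the server-side subnets are excluded.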