[Openswan Users] cannot respond to IPsec SA request because no connection is known for
Janantha Marasinghe
janantha at techcert.lk
Thu Mar 19 04:09:19 EDT 2009
Thanks Andrew,
I have included nat_traversal=yes in the ipsec.conf and restarted the
services but still the same!
andrew colin wrote:
> I think you do not have NAT traversal enabled; that is why.
>
> On Thu, Mar 19, 2009 at 5:54 AM, Janantha Marasinghe
> <janantha at techcert.lk> wrote:
>
>> Dear All,
>>
>> Currently I'm trying to connect to my Openswan server. My network setup
>> is given below. When I try to connect using a fully up-to-date SP3
>> Windows XP system, I see the following error in the VPN server's
>> secure log:
>>
>> Mar 19 09:06:02 mooshika pluto[18623]: "L2TP-PSK"[4]
>> roadwarrior-routerip #2: cannot respond to IPsec SA request because no
>> connection is known for
>> vpn.server.ip<vpn.server.ip>[+S=C]:17/1701...roadwarrior-routerip[@computername-37a9ea,+S=C]:17/1701===172.16.0.9/32
>> Mar 19 09:06:02 mooshika pluto[18623]: "L2TP-PSK"[4]
>> roadwarrior-routerip #2: sending encrypted notification
>> INVALID_ID_INFORMATION to roadwarrior-routerip:4500
>> Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4]
>> roadwarrior-routerip #2: peer client type is FQDN
>> Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4]
>> roadwarrior-routerip #2: Applying workaround for MS-818043 NAT-T bug
>> Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4]
>> roadwarrior-routerip #2: IDci was FQDN: \300\370\010k, using
>> NAT_OA=172.16.0.9/32 as IDci
>> Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4]
>> roadwarrior-routerip #2: the peer proposed: vpn.server.ip/32:17/1701 ->
>> 172.16.0.9/32:17/1701
>> Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4]
>> roadwarrior-routerip #2: cannot respond to IPsec SA request because no
>> connection is known for
>> vpn.server.ip<vpn.server.ip>[+S=C]:17/1701...roadwarrior-routerip[@computer-37a9ea,+S=C]:17/1701===172.16.0.9/32
>>
>>
>> private network
>> 172.16.0.0/255.255.255.240 --> ADSL Router(NAT enabled)
>> ---------Internet--------------OpenswanVPN(Public IP Address)
>>
>> My IPsec.conf is
>>
>> # /etc/ipsec.conf - Openswan IPsec configuration file
>> #
>> # Manual: ipsec.conf.5
>> #
>> # Please place your own config files in /etc/ipsec.d/ ending in .conf
>>
>> version 2.0 # conforms to second version of ipsec.conf specification
>>
>> # basic configuration
>> config setup
>>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>>     # klipsdebug=none
>>     # plutodebug="control parsing"
>>     # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>>     protostack=netkey
>>
>> conn L2TP-PSK
>>     #
>>     authby=secret
>>     pfs=no
>>     rekey=no
>>     keyingtries=3
>>     #
>>     # ----------------------------------------------------------
>>     # The VPN server.
>>     #
>>     # Allow incoming connections on the external network interface.
>>     # If you want to use a different interface or if there is no
>>     # defaultroute, you can use: left=your.ip.addr.ess
>>     #
>>     left=public.ip.address.of.vpn.server
>>     #
>>     leftprotoport=17/1701
>>     # If you insist on supporting non-updated Windows clients,
>>     # you can use: leftprotoport=17/%any
>>     #
>>     # ----------------------------------------------------------
>>     # The remote user(s).
>>     #
>>     # Allow incoming connections only from this IP address.
>>     right=%any
>>     # If you want to allow multiple connections from any IP address,
>>     # you can use: right=%any
>>     #
>>     rightprotoport=17/1701
>>     #
>>     # ----------------------------------------------------------
>>     # Change 'ignore' to 'add' to enable this configuration.
>>     #
>>     auto=add
>>
>> include /etc/ipsec.d/no_oe.conf
>>
>> Do I have to put additional information in the ipsec.conf to include
>> 172.16.0.0/255.255.255.240?
>>
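Added example, not part of the original thread and not Openswan code: a small triage script for the pluto log lines quoted above. It groups messages per connection, peer and SA number, then reports each rejected Quick Mode request with the client selector the peer proposed and whether that selector is an RFC 1918 address different from the address pluto sees the peer at, which is what the quoted log shows (172.16.0.9/32 via NAT_OA). The sample lines are constructed from the post's log, unwrapped, with documentation addresses 203.0.113.10 (server) and 198.51.100.7 (router) substituted for the redacted ones; the script assumes the peer field is an IP literal.

```python
import ipaddress
import re

# Constructed sample: the thread's pluto lines, unwrapped, with documentation
# addresses substituted for the redacted server and router addresses.
SAMPLE_LOG = """\
Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4] 198.51.100.7 #2: IDci was FQDN: \\300\\370\\010k, using NAT_OA=172.16.0.9/32 as IDci
Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4] 198.51.100.7 #2: the peer proposed: 203.0.113.10/32:17/1701 -> 172.16.0.9/32:17/1701
Mar 19 09:06:03 mooshika pluto[18623]: "L2TP-PSK"[4] 198.51.100.7 #2: cannot respond to IPsec SA request because no connection is known for 203.0.113.10<203.0.113.10>[+S=C]:17/1701...198.51.100.7[@computer-37a9ea,+S=C]:17/1701===172.16.0.9/32
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PREFIX = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)"\[\d+\] (?P<peer>\S+) #(?P<sa>\d+): (?P<msg>.*)$')
PROPOSED = re.compile(r'the peer proposed: (\S+?):(\d+)/(\d+) -> (\S+?):(\d+)/(\d+)$')
NAT_OA = re.compile(r'using NAT_OA=(\S+) as IDci')
NO_CONN = 'cannot respond to IPsec SA request because no connection is known for'

def triage(log_text):
    """Collect Quick Mode details per (conn, peer, SA number); return the rejected ones."""
    states = {}
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m:
            continue
        st = states.setdefault((m['conn'], m['peer'], m['sa']), {'rejected': False})
        msg = m['msg']
        if (p := PROPOSED.search(msg)):
            st['client'] = ipaddress.ip_network(p[4])   # selector on the peer's side
            st['protoport'] = f'{p[2]}/{p[3]}'          # protocol/port on the server side
        elif (n := NAT_OA.search(msg)):
            st['nat_oa'] = n[1]
        elif NO_CONN in msg:
            st['rejected'] = True
    findings = []
    for (conn, peer, sa), st in states.items():
        if st['rejected'] and 'client' in st:
            client = st['client']
            findings.append({
                'conn': conn, 'peer': peer, 'sa': sa,
                'client': str(client), 'protoport': st['protoport'],
                # Assumes the peer field is an IP literal, as in the sample.
                'client_differs_from_peer': ipaddress.ip_address(peer) not in client,
                'client_is_rfc1918': any(client.subnet_of(n) for n in RFC1918),
                'nat_oa': st.get('nat_oa'),
            })
    return findings
```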