[Openswan Users] Error: cannot initiate connection without knowing peer IP address (kind=CK_TEMPLATE) when running "ipsec auto --up"

Paul Wouters paul at xelerance.com
Thu Nov 12 14:44:55 EST 2009


On Thu, 12 Nov 2009, Mark Ryden wrote:

> I am running openswan-2.6.21-2 on fc10. I am trying to configure it to use
> L2TP. I prepared /etc/ipsec.conf according to the l2tp-psk.conf.in of
> the program/examples of the openswan source tree (See below).
> The external IP of the machine is 82.83.83.194, and the default gw is
> 82.83.83.200.
>
> I ran /etc/init.d/ipsec start and it was ok.
>
> But When running:
>
> "ipsec auto --up L2TP-PSK-noNAT"
>
> I got:
> 029 "L2TP-PSK-noNAT": cannot initiate connection without knowing peer
> IP address (kind=CK_TEMPLATE)

A server can only --add connection, not --up connections, if you configure
them with "%any". You cannot initiate to a dynamic IP. Use ipsec auto --add
instead. In the config file, use auto=add instead of auto=start.

Paul


More information about the Users mailing list