[Openswan Users] no connection is known for...

sf at schooler.net sf at schooler.net
Fri Sep 11 20:11:43 EDT 2009


I've been working on this for weeks (including reading this userlist 
archive), and just can't get it working. Any help?

I have a CentOS box at home that has a public IP connected to the Internet 
(say 216.20.77.66). It is also the gateway for my private network (say 
192.168.99.2). I have a Fedora 10 laptop that I'd like to be part of the 
private network when I'm on the road, and I'd like the connection to home 
to be encrypted - I don't even know if those are two separate setups. (I 
might want to do the same with my Fedora 11 laptop, but that's down the 
road).

Any advice would be really cool!

The furthest I got produced the following error in the "secure" log on the 
CentOS box (I was using the local library's network):

Sep 11 15:50:25 schooler pluto[14426]: "road"[1] 208.71.200.88 #1: cannot 
respond to IPsec SA request because no connection is known for 
192.168.99.0/24===216.20.77.66<216.20.77.66>[@centos.schooler.net,+S=C]...208.71.200.88[@asus.schooler.net,+S=C]===172.16.141.23/32

and on the screen on the Fedora laptop:

117 "road" #2: STATE_QUICK_I1: initiate
010 "road" #2: STATE_QUICK_I1: retransmission; will wait 20s for response
010 "road" #2: STATE_QUICK_I1: retransmission; will wait 40s for response
031 "road" #2: max number of retransmissions (2) reached STATE_QUICK_I1. 
No acceptable response to our first Quick Mode message: perhaps peer likes 
no proposal
000 "road" #2: starting keying attempt 2 of an unlimited number, but 
releasing whack

Thanks!

Dave

/etc/ipsec.conf on the Fedora laptop:

version 2.0
config setup
         protostack=netkey
         nat_traversal=yes
         virtual_private=
         oe=off
         nhelpers=0
conn road
     compress=no
     left=%defaultroute
     leftid=@asus.schooler.net
     leftrsasigkey=0sAQOm4j...
     right=216.20.77.66
     rightsubnet=192.168.99.2/24
     rightid=@centos.schooler.net
     rightrsasigkey=0sAQPQkk...
     auto=add

/etc/ipsec.conf on the CentOS box:

version 2.0
config setup
         protostack=netkey
         nat_traversal=yes
conn road
     compress=no
     left=216.20.77.66
     leftid=@centos.schooler.net
     leftsubnet=192.168.99.2/24
     leftrsasigkey=0sAQPQkk...
     rightnexthop=%defaultroute
     right=%any
     rightid=@asus.schooler.net
     rightrsasigkey=0sAQOm4j...
     auto=add
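
Added example, not part of the original post: a small check that parses the "no connection is known for" line quoted above and compares the proposed client networks with what the responder's "conn road" defines. The function names are hypothetical, and it assumes both client selectors must match the conn exactly and that an end with no subnet key is its own host address as a /32.

```python
import ipaddress
import re

# Log line from the post, with the mail client's line wrapping undone.
LOG = ('"road"[1] 208.71.200.88 #1: cannot respond to IPsec SA request because '
       'no connection is known for 192.168.99.0/24===216.20.77.66<216.20.77.66>'
       '[@centos.schooler.net,+S=C]...208.71.200.88[@asus.schooler.net,+S=C]'
       '===172.16.141.23/32')

# Keys of the responder's "conn road" (from the post) that set the selectors.
CONN = {"left": "216.20.77.66", "leftsubnet": "192.168.99.2/24", "right": "%any"}


def parse_proposal(line):
    """Return (our_net, our_host, peer_host, peer_net) from pluto's message."""
    spec = line.split("no connection is known for ", 1)[1]
    ours, theirs = spec.split("...", 1)
    # Local end is printed as net===host<..>[id]; peer end as host[id]===net.
    our_net, our_end = ours.split("===") if "===" in ours else (None, ours)
    peer_end, peer_net = theirs.split("===") if "===" in theirs else (theirs, None)
    our_host = re.match(r"[\d.]+", our_end).group()
    peer_host = re.match(r"[\d.]+", peer_end).group()

    def net(n, host):
        return ipaddress.ip_network(n or host + "/32", strict=False)
    return net(our_net, our_host), our_host, peer_host, net(peer_net, peer_host)


def configured_selectors(conn, peer_host):
    """Client networks the conn accepts once right=%any is bound to peer_host."""
    def client(side, host):
        # Assumption: no subnet key means the end itself is the client (/32).
        return ipaddress.ip_network(conn.get(side + "subnet", host + "/32"),
                                    strict=False)
    right = peer_host if conn["right"] == "%any" else conn["right"]
    return client("left", conn["left"]), client("right", right)


def diagnose(line, conn):
    """List every selector in the proposal that the conn does not define."""
    our_net, _, peer_host, peer_net = parse_proposal(line)
    want_left, want_right = configured_selectors(conn, peer_host)
    problems = []
    if our_net != want_left:
        problems.append(f"local client {our_net} != configured {want_left}")
    if peer_net != want_right:
        problems.append(f"peer client {peer_net} != configured {want_right}")
    return problems


if __name__ == "__main__":
    print("\n".join(diagnose(LOG, CONN)) or "selectors match")
```

The local side matches (192.168.99.2/24 masks to 192.168.99.0/24); the mismatch is the peer's client, which is the laptop's private address behind NAT rather than the public address the responder sees. In Openswan a responder normally admits such an address with rightsubnet=vhost:%priv together with a virtual_private= list covering that range.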



