[Openswan Users] cannot respond to IPsec SA request because no connection is known
Dennison Williams
dennison.williams at gmail.com
Mon Apr 12 15:43:08 EDT 2010
Brian Drake wrote:
> "cannot respond to IPsec SA request because no connection is known
> for..." messages on the server side.
This is usually because there is some mismatch in the config on one of
the sides.
> conn roadwarrior-l2tp
>     type=transport
>     authby=secret
>     left=REM.OTE.NET.178
>     leftsubnet=REM.OTE.NET.0/24
>     leftprotoport=17/1701
>     rightsubnet=vhost:%no,%priv
>     rightsubnetwithin=192.168.1.0/24
>     right=%any
>     rightprotoport=17/0
>     pfs=no
>     auto=add
>
> Apr 10 19:56:39 vpn pluto[30646]: "roadwarrior-l2tp"[2] HO.ME.NET.254
> #1: cannot respond to IPsec SA request because no connection is known
> for
> REM.OTE.NET.178<REM.OTE.NET.178>[+S=C]:17/1701...HO.ME.NET.254[192.168.1.63,+S=C]:17/49470===192.168.1.63/32
> Apr 10 19:56:39 vpn pluto[30646]: "roadwarrior-l2tp"[2] HO.ME.NET.254
> #1: sending encrypted notification INVALID_ID_INFORMATION to
> HO.ME.NET.254:4500
Here you have the client sending 192.168.1.63/32 17/0 which seems right.
I am not sure about the rightsubnetwithin directive though. That one is
nowhere in the manpage I have for ipsec.conf.
Sincerely,
Dennison Williams
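
Added example, not part of the original message and not Openswan code: a small parser that splits the tuple pluto prints after "no connection is known for" and pairs each proposed value with the conn option quoted in the thread, so a mismatch can be looked for field by field. The field layout (subnet===host<addr>[id]:proto/port on either side of "...") is assumed from the log line quoted above, the function names are hypothetical, and only IPv4 addresses or host names are handled.

```python
import re

MARK = "no connection is known for "
# One end: host, optional <resolved addr>, optional [id,flags], optional :proto/port
END = re.compile(r"^(?P<host>[^<\[:]+)(?:<(?P<addr>[^>]*)>)?"
                 r"(?:\[(?P<id>[^\]]*)\])?(?::(?P<protoport>\d+/\d+))?$")

def parse_end(text):
    m = END.match(text)
    if m is None:
        raise ValueError("unrecognised end description: %r" % text)
    return m.groupdict()

def parse_proposal(line):
    """Split the tuple after MARK into our end, the peer's end and client subnets."""
    if MARK not in line:
        raise ValueError("not a 'no connection is known' line")
    ours, theirs = line.split(MARK, 1)[1].strip().split("...", 1)
    our_net = their_net = None
    if "===" in ours:                       # subnet===host on the local side
        our_net, ours = ours.split("===", 1)
    if "===" in theirs:                     # host===subnet on the peer side
        theirs, their_net = theirs.rsplit("===", 1)
    return {"ours": parse_end(ours), "our_net": our_net,
            "theirs": parse_end(theirs), "their_net": their_net}

def side_by_side(proposal, conn):
    """Map each conn option to (value in the log line, value configured)."""
    ours, theirs = proposal["ours"], proposal["theirs"]
    found = {"left": ours["host"], "leftprotoport": ours["protoport"],
             "leftsubnet": proposal["our_net"], "right": theirs["host"],
             "rightprotoport": theirs["protoport"],
             "rightsubnet": proposal["their_net"]}
    return {opt: (val, conn.get(opt)) for opt, val in found.items()}

# Log line from the quoted message, re-joined after mail wrapping.
LINE = ('Apr 10 19:56:39 vpn pluto[30646]: "roadwarrior-l2tp"[2] HO.ME.NET.254 '
        '#1: cannot respond to IPsec SA request because no connection is known '
        'for REM.OTE.NET.178<REM.OTE.NET.178>[+S=C]:17/1701...'
        'HO.ME.NET.254[192.168.1.63,+S=C]:17/49470===192.168.1.63/32')
# Options copied from the quoted conn roadwarrior-l2tp block.
CONN = {"left": "REM.OTE.NET.178", "leftsubnet": "REM.OTE.NET.0/24",
        "leftprotoport": "17/1701", "right": "%any",
        "rightprotoport": "17/0", "rightsubnet": "vhost:%no,%priv"}

if __name__ == "__main__":
    for opt, (seen, cfg) in side_by_side(parse_proposal(LINE), CONN).items():
        print("%-15s log=%-18s conf=%s" % (opt, seen, cfg))
```

The output only lists the values next to each other; whether a pair counts as a match is decided by pluto's own rules for %any, vhost: and port 0.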