[Openswan Users] RES: RES: RES: Decrypt ESP packets with wireshark for tunnel mode (Openswan)

Artur Ferreira da Silva aferreira.mjv at gmail.com
Mon Nov 15 16:05:16 EST 2010


My left is ip local server, my leftid is ip public, this server resides behind a firewall and has ip nateado

-----Mensagem original-----
De: Willie Gillespie [mailto:wgillespie+openswan at es2eng.com] 
Enviada em: segunda-feira, 15 de novembro de 2010 12:29
Para: Artur Ferreira da Silva
Cc: Users at openswan.org
Assunto: Re: RES: [Openswan Users] RES: Decrypt ESP packets with wireshark for tunnel mode (Openswan)

 From your other message, your error is:

cannot respond to IPsec SA request because no connection is known for
0.0.0.0/0===10.205.22.212<10.205.22.212>[50.16.5.234,+S=C]...201.7.186.162<2
01.7.186.162>[+S=C]===0.0.0.0/0

Looks like maybe left or leftid is incorrect.

Artur Ferreira da Silva wrote:
> I'm using openswan behind a firewall configuration follows,
> 
> 
> ipsec.secrets
> 
> a.b6.5.234 201.7.186.162: PSK "$key$"
> 
> 
> ipsec.conf
> conn openswan-checkpoint
> 
>         type=tunnel
>         keyexchange=ike
>         auth=esp
>         pfs=no
>         authby=secret
>         keyingtries=0
>         forceencaps=yes
>         compress=no
>         aggrmode=no
>         auto=start
>         #FASE 1
>         ike=3des-sha1-modp1024
>         ikelifetime=86400s
>         #FASE 2
>         esp=3des-sha1
>         keylife=3600s
>         #Node my
>         left=10.205.22.212
>         leftid=a.b6.5.234
>         leftsubnet=10.5.57.0/24
>         leftnexthop=%defaultroute
>         leftsourceip=10.5.57.1
>         #NODE checkpoint
>         right=cd1.7.186.162
>         rightid=cd1.7.186.162
>         rightsubnet=10.5.35.0/24
> 
> -----Mensagem original-----
> De: Paul Wouters [mailto:paul at xelerance.com] 
> Enviada em: sexta-feira, 12 de novembro de 2010 16:56
> Para: Artur Ferreira da Silva
> Cc: 'Kevin Wilson'; 'Willie Gillespie'; Users at openswan.org
> Assunto: Re: [Openswan Users] RES: Decrypt ESP packets with wireshark for
> tunnel mode (Openswan)
> 
> On Fri, 12 Nov 2010, Artur Ferreira da Silva wrote:
> 
>> can someone help me with this error?
>>
>> cannot respond to IPsec SA request because no connection is known for
>>
> 0.0.0.0/0===10.205.22.212<10.205.22.212>[50.16.5.234,+S=C]...201.7.186.162<2
>> 01.7.186.162>[+S=C]===0.0.0.0/0
>> Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: | complete state transition
>> with (null)
> 
> Too much debugging enabled. for config errors, which this is, NO DEBUG
> should be
> used.
> 
>> Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: "globo" #2: sending
> encrypted
>> notification INVALID_ID_INFORMATION to 201.7.186.162:500
> 
> There is a config mismatch between the two ends. Verify your left/right id's
> 
> Paul
> 



More information about the Users mailing list