[Openswan Users] RES: RES: RES: Decrypt ESP packets with wireshark for tunnel mode (Openswan)
Artur Ferreira da Silva
aferreira.mjv at gmail.com
Mon Nov 15 16:05:16 EST 2010
My left is the local server IP, my leftid is the public IP; this server resides behind a firewall and has a NATed IP.
-----Original Message-----
From: Willie Gillespie [mailto:wgillespie+openswan at es2eng.com]
Sent: Monday, November 15, 2010 12:29
To: Artur Ferreira da Silva
Cc: Users at openswan.org
Subject: Re: RES: [Openswan Users] RES: Decrypt ESP packets with wireshark for tunnel mode (Openswan)
From your other message, your error is:
cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===10.205.22.212<10.205.22.212>[50.16.5.234,+S=C]...201.7.186.162<201.7.186.162>[+S=C]===0.0.0.0/0
Looks like maybe left or leftid is incorrect.
Artur Ferreira da Silva wrote:
> I'm using Openswan behind a firewall; the configuration follows:
>
>
> ipsec.secrets
>
> a.b6.5.234 201.7.186.162: PSK "$key$"
>
>
> ipsec.conf
> conn openswan-checkpoint
>
> type=tunnel
> keyexchange=ike
> auth=esp
> pfs=no
> authby=secret
> keyingtries=0
> forceencaps=yes
> compress=no
> aggrmode=no
> auto=start
> #PHASE 1
> ike=3des-sha1-modp1024
> ikelifetime=86400s
> #PHASE 2
> esp=3des-sha1
> keylife=3600s
> #Node my
> left=10.205.22.212
> leftid=a.b6.5.234
> leftsubnet=10.5.57.0/24
> leftnexthop=%defaultroute
> leftsourceip=10.5.57.1
> #NODE checkpoint
> right=cd1.7.186.162
> rightid=cd1.7.186.162
> rightsubnet=10.5.35.0/24
>
> -----Original Message-----
> From: Paul Wouters [mailto:paul at xelerance.com]
> Sent: Friday, November 12, 2010 16:56
> To: Artur Ferreira da Silva
> Cc: 'Kevin Wilson'; 'Willie Gillespie'; Users at openswan.org
> Subject: Re: [Openswan Users] RES: Decrypt ESP packets with wireshark for tunnel mode (Openswan)
>
> On Fri, 12 Nov 2010, Artur Ferreira da Silva wrote:
>
>> Can someone help me with this error?
>>
>> cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===10.205.22.212<10.205.22.212>[50.16.5.234,+S=C]...201.7.186.162<201.7.186.162>[+S=C]===0.0.0.0/0
>> Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: | complete state transition with (null)
>
> Too much debugging enabled. For config errors, which this is, NO DEBUG should be used.
>
>> Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: "globo" #2: sending encrypted notification INVALID_ID_INFORMATION to 201.7.186.162:500
>
> There is a config mismatch between the two ends. Verify your left/right IDs.
>
> Paul
>
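An added example, not part of the original thread and not Openswan code: a small Python check that splits a "no connection is known for" line into its two ends and lists every left/right address, ID and subnet that differs from a conn section. The field layout is inferred from the error line quoted in this thread; the sample addresses, the conn name and the function names are constructed, and it assumes the first end in the error is the conn's `left` and that an end printed without an ID uses its host address as ID.

```python
import re

# Constructed sample values (documentation address ranges), not the poster's.
ERROR = ("cannot respond to IPsec SA request because no connection is known for "
         "0.0.0.0/0===10.0.0.5<10.0.0.5>[198.51.100.7,+S=C]..."
         "203.0.113.9<203.0.113.9>[+S=C]===0.0.0.0/0")
CONN = """
conn example
    left=10.0.0.5
    leftid=198.51.100.8
    leftsubnet=10.1.0.0/24
    right=203.0.113.9
    rightid=203.0.113.9
    rightsubnet=10.2.0.0/24
"""

# One end as it appears in the error line: host<host>[id,+flags]
END = r"(?P<{p}host>[^<=]+)<[^>]*>\[(?P<{p}opts>[^\]]*)\]"
PATTERN = re.compile(r"(?P<lnet>\S+?)===" + END.format(p="l") + r"\.\.\."
                     + END.format(p="r") + r"===(?P<rnet>\S+)")

def parse_error(line):
    """Return the ends named in the error, keyed like ipsec.conf (first end = left)."""
    m = PATTERN.search(line)
    if not m:
        raise ValueError("not a 'no connection is known for' line")
    out = {}
    for p, side in (("l", "left"), ("r", "right")):
        # Options starting with '+' are flags; anything else is the ID.
        ids = [o for o in m.group(p + "opts").split(",") if not o.startswith("+")]
        out[side] = m.group(p + "host")
        out[side + "id"] = ids[0] if ids else out[side]  # assumption: no ID printed means ID == host
        out[side + "subnet"] = m.group(p + "net")
    return out

def parse_conn(text):
    """Collect key=value pairs from one conn section, ignoring comments."""
    pairs = {}
    for raw in text.splitlines():
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if sep:
            pairs[key.strip()] = value.strip()
    return pairs

def mismatches(error_line, conn_text):
    """Map each differing key to (value in config, value in the error line)."""
    seen, conf = parse_error(error_line), parse_conn(conn_text)
    return {k: (conf.get(k), v) for k, v in seen.items() if conf.get(k) != v}
```

Calling `mismatches(ERROR, CONN)` on the constructed sample reports `leftid`, `leftsubnet` and `rightsubnet`, each with the configured value next to the value from the error line.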