[Openswan Users] cannot respond to IPsec SA request because no connection is known for

Jacques Charles jxcjxc at gmail.com
Mon Feb 7 15:57:51 EST 2011 

Hi



I am having difficulties setting up a vpn using openswan  2.4.7-3.fc7 on a
fedora core 7 system



Here is the setup:



On my side

My ISP provides a closed box giving me the public adress 194.x.y.z on
internet and forwarding everything to my Linux box on 192.168.1.100

The other linux interface is 10.30.1.1 and the internal network is
10.30.0.0/16



On the other side

There is a vpn checkpoint with the public address 212.a.b.c

The people I want to allow are coming from an address in 195.d.e.32/27

They want to connect to a subnet 10.251.156.248/29



Here is the connexion config :

     authby=secret

     left=192.168.1.100

     leftid=194.206.248.218

     leftsubnet=10.251.156.249/29

     leftnexthop=%defaultroute

     right=212.221.52.132

     rightsubnet=195.72.91.32/27

     rightnexthop=%defaultroute

     auto=start



and the log :

Feb  7 17:58:42 server pluto[20624]: | find_client_connection starting with
i-to-b

Feb  7 17:58:42 server pluto[20624]: |   looking for 10.251.156.250/32:0/0->
195.72.91.51/32:0/0

Feb  7 17:58:42 server pluto[20624]: |   concrete checking against sr#0
10.251.156.248/29 -> 195.72.91.32/27

Feb  7 17:58:42 server pluto[20624]: |    match_id a=212.a.b.c

Feb  7 17:58:42 server pluto[20624]: |             b=212.a.b.c

Feb  7 17:58:42 server pluto[20624]: |    results  matched

Feb  7 17:58:42 server pluto[20624]: |   trusted_ca called with a=(empty)
b=(empty)

Feb  7 17:58:42 server pluto[20624]: |   fc_try trying i-to-b:
10.251.156.250/32:0/0 -> 195.72.91.51/32:0/0 vs

i-to-b:10.251.156.248/29:0/0 -> 195.72.91.32/27:0/0

Feb  7 17:58:42 server pluto[20624]: |   fc_try concluding with none [0]

Feb  7 17:58:42 server pluto[20624]: |   fc_try i-to-b gives none

Feb  7 17:58:42 server pluto[20624]: | find_host_pair: comparing to
192.168.1.100:500 212.a.b.c:500

Feb  7 17:58:42 server pluto[20624]: |   checking hostpair
10.251.156.248/29-> 195.d.e.32/27 is not found

Feb  7 17:58:42 server pluto[20624]: |   concluding with d = none

Feb  7 17:58:42 server pluto[20624]: "i-to-b" #3: cannot respond to IPsec SA
request because no connection is known for
10.251.156.250/32===192.168.1.100[194.x.y.z]...212.221.52.132===195.d.e.51/32



What am I doing wrong?

Thanks in advance



Jacques Charles
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20110207/28c8d8a5/attachment.html

More information about the Users mailing list