[Openswan Users] Openswan Xl2tpd error when connecting VPN on
Mateen Fugawala
mateen.fugawala at hotmail.com
Mon Jan 24 04:12:58 EST 2011
I finally managed to get my connection running. Not sure how it happened now, but I restored my snapshot to its original state and reconfigured everything again. It works fine now...
Here is my latest ipsec.conf:

config setup
    protostack=netkey
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16:,%v4:!192.168.1.0/24
    oe=off
    nhelpers=0

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=192.168.1.11
    leftprotoport=17/1701
    leftnexthop=192.168.1.1
    right=%any
    rightprotoport=17/0
    rightsubnet=vhost:%no,%pri

Willie,
I may get an NDR, not sure why, when I reply to users at openswan.org. Could you please FYI this email to the list for everyone's reference?
Thanks for the help.. much appreciated...
-----Original Message-----
From: Willie Gillespie [mailto:wgillespie+openswan at es2eng.com]
Sent: Monday, January 24, 2011 3:58 AM
To: Mateen Fugawala
Cc: users at openswan.org
Subject: Re: [Openswan Users] Openswan Xl2tpd error when connecting VPN on
Mateen Fugawala wrote:
> 000 virtual_private (%priv):
> 000 - allowed 3 subnets: 10.0.0.0/8, 192.168.0.0/16, 192.168.1.0/24
> 000 - disallowed 0 subnets:
> 000 WARNING: Disallowed subnets in virtual_private= is empty. If you have
> 000 private address space in internal use, it should be excluded!
Looks like your setting change may not be catching on.
Also, from your log files:
Jan 22 14:36:12 fedoravm pluto[9013]: "L2TP-PSK"[1] 192.168.1.2 #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Jan 22 14:36:12 fedoravm pluto[9013]: "L2TP-PSK"[1] 192.168.1.2 #1: the peer proposed: 192.168.1.11/32:17/1701 -> 192.168.1.2/32:17/0
Jan 22 14:36:12 fedoravm pluto[9013]: "L2TP-PSK"[1] 192.168.1.2 #1: cannot respond to IPsec SA request because no connection is known for 192.168.1.11<192.168.1.11>[+S=C]:17/1701...192.168.1.2[+S=C]:17/1701
The last line indicates what the problem is. I'm not exactly sure how to fix it. Anyone else have thoughts here?
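
An added example, not part of the original messages and not Openswan's own code: a strict checker for the virtual_private= value discussed in this thread, reading each entry as %v4:[!]net/mask and reproducing the "disallowed subnets is empty" condition from the quoted status output. The function names and the server LAN argument (192.168.1.0/24, taken from the exclusion in the config above) are this example's assumptions.

```python
import ipaddress

# Constructed sample: the virtual_private= value from the ipsec.conf in this message.
SAMPLE = "%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16:,%v4:!192.168.1.0/24"


def parse_virtual_private(value):
    """Split a virtual_private= value into (allowed, disallowed, malformed).

    Strict reading of the %v4:[!]net/mask form; this is not Openswan's parser.
    """
    allowed, disallowed, malformed = [], [], []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        family, sep, rest = entry.partition(":")
        if family not in ("%v4", "%v6") or not sep:
            malformed.append(entry)
            continue
        negated = rest.startswith("!")
        try:
            net = ipaddress.ip_network(rest[1:] if negated else rest, strict=True)
        except ValueError:
            malformed.append(entry)  # bad address, bad mask, or host bits set
            continue
        if (family == "%v4") != (net.version == 4):
            malformed.append(entry)  # family tag does not match the address
            continue
        (disallowed if negated else allowed).append(net)
    return allowed, disallowed, malformed


def audit(value, server_lan):
    """Return a list of findings for a value, given the server's own LAN in CIDR form."""
    lan = ipaddress.ip_network(server_lan)
    allowed, disallowed, malformed = parse_virtual_private(value)
    findings = [f"malformed entry: {e!r}" for e in malformed]
    if not disallowed:
        findings.append("no disallowed subnets: exclude private ranges in internal use")
    covered = any(lan.version == a.version and lan.subnet_of(a) for a in allowed)
    excluded = any(lan.version == d.version and lan.subnet_of(d) for d in disallowed)
    if covered and not excluded:
        findings.append(f"server LAN {lan} is allowed but not excluded")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "192.168.1.0/24"):
        print(finding)
```

Run against the value in the ipsec.conf above, this strict reading reports the entry with the trailing colon after 192.168.0.0/16 as malformed.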