[Openswan Users] Help configuring simple IPSec from Linux to Windows - "cannot respond to IPsec SA request because no connection is known"

Paddy Doyle paddy at tchpc.tcd.ie
Tue Apr 10 12:40:07 EDT 2012

Got it working, so thought I'd post the solution in case anyone has a similar

It was the IP Filter on the Windows side that was causing the mismatch. I had
configured it to match only ICMP traffic (not all traffic) for testing.

On the Linux side, the connection was set to encrypt all traffic, not just ICMP.
Hence the mismatch.

For the record, this was the ipsec conf that I used in the end:

conn windoze

The FAQ does mention "The match must be exact", but I was concentrating on this
meaning that the IP addresses and/or subnets must match, not thinking about the
protocols matching as well.

I guess that's where the leftprotoport setting comes into it. After another trip
to the man page I now understand that "0/0" means any protocol/port, whereas my
Windows side was trying to negotiate on "1/0", meaning ICMP.

Apr 10 16:51:49 linuxhost pluto[22187]: "windoze" #2: the peer proposed: ->
Apr 10 16:51:49 linuxhost pluto[22187]: "windoze" #2: cannot respond to IPsec SA request because no connection is known for<>[+S=C]:1/0...<>[+S=C]:1/0
Apr 10 16:51:49 linuxhost pluto[22187]: "windoze" #2: sending encrypted notification INVALID_ID_INFORMATION to


Paddy Doyle
Trinity Centre for High Performance Computing,
Lloyd Building, Trinity College Dublin, Dublin 2, Ireland.
Phone: +353-1-896-3725
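
The mismatch described in the post can be read straight out of the pluto error line. The following is an added example, not part of the original post or of Openswan: it extracts the proto/port selectors from a "no connection is known" line and compares them with a conn's leftprotoport/rightprotoport values. The function names, the sample line with documentation addresses, the numeric-only protoport parsing, and the treatment of a missing ":proto/port" suffix as 0/0 are all assumptions.

```python
import re

# IANA protocol numbers; 0 in a protoport selector means "any protocol".
PROTO_NAMES = {0: "any", 1: "icmp", 6: "tcp", 17: "udp"}
NO_CONN = re.compile(r"no connection is known for\s*(.+)$")
SELECTOR = re.compile(r":(\d+)/(\d+)")

def parse_protoport(value):
    """Turn a numeric protoport value such as "0/0" into (proto, port)."""
    proto, _, port = value.partition("/")
    return int(proto), int(port or 0)

def peer_selectors(log_line):
    """Return the (proto, port) pair logged for each end, or None if not that error."""
    m = NO_CONN.search(log_line)
    ends = m.group(1).split("...") if m else []
    if len(ends) != 2:
        return None
    found = [SELECTOR.search(end) for end in ends]
    # Assumption: an end logged without a ":proto/port" suffix means 0/0.
    return [(int(s.group(1)), int(s.group(2))) if s else (0, 0) for s in found]

def describe(sel):
    """Render (1, 0) as "icmp/any" for readable output."""
    proto, port = sel
    return f"{PROTO_NAMES.get(proto, proto)}/{port or 'any'}"

def diagnose(log_line, leftprotoport="0/0", rightprotoport="0/0"):
    """Compare the peer's proposed selectors with the local conn's protoport."""
    proposed = peer_selectors(log_line)
    if proposed is None:
        return None
    local = [parse_protoport(leftprotoport), parse_protoport(rightprotoport)]
    # left/right may be listed in either order relative to the log line.
    if proposed in (local, local[::-1]):
        return "protoport matches; check addresses and subnets instead"
    return ("protoport mismatch: peer proposed "
            + " ... ".join(describe(s) for s in proposed)
            + ", local conn has " + " ... ".join(describe(s) for s in local))

# Constructed sample line (documentation addresses, not from the original post).
SAMPLE = ('Apr 10 16:51:49 linuxhost pluto[22187]: "windoze" #2: cannot respond to '
          'IPsec SA request because no connection is known for '
          '192.0.2.10<192.0.2.10>[+S=C]:1/0...192.0.2.20<192.0.2.20>[+S=C]:1/0')

if __name__ == "__main__":
    print(diagnose(SAMPLE))                  # conn left at 0/0 (any protocol/port)
    print(diagnose(SAMPLE, "1/0", "1/0"))    # conn narrowed to ICMP on both ends
```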
