[Openswan Users] "Cannot respond to IPsec SA request because no connection is known for xxx" on IPV6
Tydus
tydus at tydus.org
Mon Jul 16 03:49:11 EDT 2012
Hi list, I'm new to openswan, and I tried to make a tunnel and run L2TP over it. On IPV4, everything goes well. But after many efforts, I'm blocked by "Cannot respond to IPsec SA request because no connection is known for xxx" issue. I wonder if there're some problems in my conf and secret, though I tried many combinations. I'm not familiar with ipsec/openswan/pluto etc. So plz help me dealing it, many thanks. Tydus Ken # Log Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008] Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [FRAGMENTATION] Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable] Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [Vid-Initial-Contact] Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [IKE CGA version 1] Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: responding to Main Mode from unknown peer 2001::face:feed:deed:beef Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: STATE_MAIN_R1: sent MR1, expecting MI2 Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: STATE_MAIN_R2: sent MR2, expecting MI3 Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: Main mode peer ID is ID_IPV6_ADDR: '2001::face:feed:deed:beef' Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048} Jul 16 16:13:08 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: the peer proposed: 2001:f00:ba2::/128:17/1701 -> 2001::face:feed:deed:beef/128:17/0 Jul 16 16:13:08 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: cannot respond to IPsec SA request because no connection is known for 2001:f00:ba2::<2001:f00:ba2::>[+S=C]:17/1701...2001::face:feed:deed:beef[+S=C]:17/%any Jul 16 16:13:08 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: sending encrypted notification INVALID_ID_INFORMATION to 2001::face:feed:deed:beef:500 Jul 16 16:13:09 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: the peer proposed: 2001:f00:ba2::/128:17/1701 -> 2001::face:feed:deed:beef/128:17/0 Jul 16 16:13:09 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: cannot respond to IPsec SA request because no connection is known for 2001:f00:ba2::<2001:f00:ba2::>[+S=C]:17/1701...2001::face:feed:deed:beef[+S=C]:17/%any Jul 16 16:13:09 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: sending encrypted notification INVALID_ID_INFORMATION to 2001::face:feed:deed:beef:500 Jul 16 16:13:11 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: the peer proposed: 2001:f00:ba2::/128:17/1701 -> 2001::face:feed:deed:beef/128:17/0 Jul 16 16:13:11 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: cannot respond to IPsec SA request because no connection is known for 2001:f00:ba2::<2001:foo:ba2::>[+S=C]:17/1701...2001::face:feed:deed:beef[+S=C]:17/%any Jul 16 16:13:11 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: sending encrypted notification INVALID_ID_INFORMATION to 2001::face:feed:deed:beef:500 Jul 16 16:13:12 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: received Delete SA payload: deleting ISAKMP State #3 Jul 16 16:13:12 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef: deleting connection "L2TP-PSK-IPV6" instance with peer 2001::face:feed:deed:beef {isakmp=#0/ipsec=#0} where 2001:f00:ba2:: is my server, and 2001::face:feed:beed:beef is a client. #ipsec.conf version 2.0 config setup nat_traversal=yes virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 oe=off protostack=auto conn L2TP-PSK-NAT rightsubnet=vhost:%priv also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT left=xx.xx.xx.xx leftprotoport=17/1701 right=%any rightprotoport=17/%any authby=secret pfs=no auto=add keyingtries=3 rekey=no ikelifetime=8h keylife=1h type=transport conn L2TP-PSK-IPV6 connaddrfamily=ipv6 left="2001:f00:ba2::" leftsubnet="2001:f00:ba2::/64" leftprotoport=17/1701 right="%any" rightprotoport=17/%any authby=secret pfs=no auto=add keyingtries=3 rekey=no ikelifetime=8h keylife=1h type=transport conn passthrough-for-non-l2tp type=passthrough left=xx.xx.xx.xx leftnexthop=xx.xx.xx.x right=0.0.0.0 rightsubnet=0.0.0.0/0 auto=route #ipsec.secrets include /var/lib/openswan/ipsec.secrets.inc %any %any: PSK "~~"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20120716/1c53288e/attachment.html>
More information about the Users
mailing list