[Openswan Users] "Cannot respond to IPsec SA request because no connection is known for xxx" on IPV6

Mon Jul 16 03:49:11 EDT 2012

Hi list,     I'm new to openswan, and I tried to make a tunnel and run L2TP over it. On IPV4, everything goes well. But after many efforts, I'm blocked by "Cannot respond to IPsec SA request because no connection is known for xxx" issue.     I wonder if there're some problems in my conf and secret, though I tried many combinations.      I'm not familiar with ipsec/openswan/pluto etc. So plz help me dealing it, many thanks. Tydus Ken # Log Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008] Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [FRAGMENTATION] Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable] Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [Vid-Initial-Contact] Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [IKE CGA version 1] Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: responding to Main Mode from unknown peer 2001::face:feed:deed:beef Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: OAKLEY_GROUP 20 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: OAKLEY_GROUP 19 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: STATE_MAIN_R1: sent MR1, expecting MI2 Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: STATE_MAIN_R2: sent MR2, expecting MI3 Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: Main mode peer ID is ID_IPV6_ADDR: '2001::face:feed:deed:beef' Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048} Jul 16 16:13:08 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: the peer proposed: 2001:f00:ba2::/128:17/1701 -> 2001::face:feed:deed:beef/128:17/0 Jul 16 16:13:08 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: cannot respond to IPsec SA request because no connection is known for 2001:f00:ba2::<2001:f00:ba2::>[+S=C]:17/1701...2001::face:feed:deed:beef[+S=C]:17/%any Jul 16 16:13:08 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: sending encrypted notification INVALID_ID_INFORMATION to 2001::face:feed:deed:beef:500 Jul 16 16:13:09 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: the peer proposed: 2001:f00:ba2::/128:17/1701 -> 2001::face:feed:deed:beef/128:17/0 Jul 16 16:13:09 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: cannot respond to IPsec SA request because no connection is known for 2001:f00:ba2::<2001:f00:ba2::>[+S=C]:17/1701...2001::face:feed:deed:beef[+S=C]:17/%any Jul 16 16:13:09 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: sending encrypted notification INVALID_ID_INFORMATION to 2001::face:feed:deed:beef:500 Jul 16 16:13:11 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: the peer proposed: 2001:f00:ba2::/128:17/1701 -> 2001::face:feed:deed:beef/128:17/0 Jul 16 16:13:11 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: cannot respond to IPsec SA request because no connection is known for 2001:f00:ba2::<2001:foo:ba2::>[+S=C]:17/1701...2001::face:feed:deed:beef[+S=C]:17/%any Jul 16 16:13:11 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: sending encrypted notification INVALID_ID_INFORMATION to 2001::face:feed:deed:beef:500 Jul 16 16:13:12 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: received Delete SA payload: deleting ISAKMP State #3 Jul 16 16:13:12 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef: deleting connection "L2TP-PSK-IPV6" instance with peer 2001::face:feed:deed:beef {isakmp=#0/ipsec=#0} where 2001:f00:ba2:: is my server, and 2001::face:feed:beed:beef is a client. #ipsec.conf version	2.0 config setup 	nat_traversal=yes 	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12 	oe=off 	protostack=auto 	 conn L2TP-PSK-NAT 	rightsubnet=vhost:%priv 	also=L2TP-PSK-noNAT conn L2TP-PSK-noNAT 	left=xx.xx.xx.xx 	leftprotoport=17/1701 	right=%any 	rightprotoport=17/%any 	authby=secret 	pfs=no 	auto=add 	keyingtries=3 	rekey=no 	ikelifetime=8h 	keylife=1h 	type=transport conn L2TP-PSK-IPV6 	connaddrfamily=ipv6 	left="2001:f00:ba2::" 	leftsubnet="2001:f00:ba2::/64" 	leftprotoport=17/1701 	right="%any" 	rightprotoport=17/%any 	authby=secret 	pfs=no 	auto=add 	keyingtries=3 	rekey=no 	ikelifetime=8h 	keylife=1h 	type=transport conn passthrough-for-non-l2tp 	type=passthrough 	left=xx.xx.xx.xx 	leftnexthop=xx.xx.xx.x 	right=0.0.0.0 	rightsubnet=0.0.0.0/0 	auto=route #ipsec.secrets include /var/lib/openswan/ipsec.secrets.inc %any %any: PSK "~~"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20120716/1c53288e/attachment.html>