[Openswan Users] "Cannot respond to IPsec SA request because no connection is known for xxx" on IPV6
Tydus Ken
Tydus at Tydus.org
Tue Jul 17 03:16:31 EDT 2012
Hi list,
Sorry, I sent the mail with the wrong formatting yesterday.
I'm new to Openswan, and I tried to make a tunnel and run L2TP over
it. On IPv4, everything goes well. But after many efforts, I'm blocked
by the "Cannot respond to IPsec SA request because no connection is known
for xxx" issue.
I wonder if there are some problems in my conf and secret, though I
tried many combinations.
I'm not familiar with ipsec/openswan/pluto etc., so please help me
deal with it. Many thanks.
Tydus Ken
# Log
Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [FRAGMENTATION]
Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Jul 16 16:13:07 svr pluto[28490]: packet from 2001::face:feed:deed:beef:500: ignoring Vendor ID payload [IKE CGA version 1]
Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: responding to Main Mode from unknown peer 2001::face:feed:deed:beef
Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: OAKLEY_GROUP 20 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: OAKLEY_GROUP 19 not supported. Attribute OAKLEY_GROUP_DESCRIPTION
Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: STATE_MAIN_R1: sent MR1, expecting MI2
Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: STATE_MAIN_R2: sent MR2, expecting MI3
Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: Main mode peer ID is ID_IPV6_ADDR: '2001::face:feed:deed:beef'
Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Jul 16 16:13:07 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Jul 16 16:13:08 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: the peer proposed: 2001:f00:ba2::/128:17/1701 -> 2001::face:feed:deed:beef/128:17/0
Jul 16 16:13:08 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: cannot respond to IPsec SA request because no connection is known for 2001:f00:ba2::<2001:f00:ba2::>[+S=C]:17/1701...2001::face:feed:deed:beef[+S=C]:17/%any
Jul 16 16:13:08 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: sending encrypted notification INVALID_ID_INFORMATION to 2001::face:feed:deed:beef:500
Jul 16 16:13:09 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: the peer proposed: 2001:f00:ba2::/128:17/1701 -> 2001::face:feed:deed:beef/128:17/0
Jul 16 16:13:09 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: cannot respond to IPsec SA request because no connection is known for 2001:f00:ba2::<2001:f00:ba2::>[+S=C]:17/1701...2001::face:feed:deed:beef[+S=C]:17/%any
Jul 16 16:13:09 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: sending encrypted notification INVALID_ID_INFORMATION to 2001::face:feed:deed:beef:500
Jul 16 16:13:11 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: the peer proposed: 2001:f00:ba2::/128:17/1701 -> 2001::face:feed:deed:beef/128:17/0
Jul 16 16:13:11 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: cannot respond to IPsec SA request because no connection is known for 2001:f00:ba2::<2001:foo:ba2::>[+S=C]:17/1701...2001::face:feed:deed:beef[+S=C]:17/%any
Jul 16 16:13:11 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: sending encrypted notification INVALID_ID_INFORMATION to 2001::face:feed:deed:beef:500
Jul 16 16:13:12 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef #3: received Delete SA payload: deleting ISAKMP State #3
Jul 16 16:13:12 svr pluto[28490]: "L2TP-PSK-IPV6"[1] 2001::face:feed:deed:beef: deleting connection "L2TP-PSK-IPV6" instance with peer 2001::face:feed:deed:beef {isakmp=#0/ipsec=#0}
where 2001:f00:ba2:: is my server, and 2001::face:feed:beed:beef is a
client.
#ipsec.conf
version 2.0

config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
    oe=off
    protostack=auto

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    left=xx.xx.xx.xx
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport

conn L2TP-PSK-IPV6
    connaddrfamily=ipv6
    left="2001:f00:ba2::"
    leftsubnet="2001:f00:ba2::/64"
    leftprotoport=17/1701
    right="%any"
    rightprotoport=17/%any
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport

conn passthrough-for-non-l2tp
    type=passthrough
    left=xx.xx.xx.xx
    leftnexthop=xx.xx.xx.x
    right=0.0.0.0
    rightsubnet=0.0.0.0/0
    auto=route

#ipsec.secrets
include /var/lib/openswan/ipsec.secrets.inc
%any %any: PSK "~~"
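
As an added diagnostic example (not part of the original post, and not Openswan code): the script below parses the "the peer proposed:" line from the log above and compares it with the left side of conn L2TP-PSK-IPV6 as posted. The field-by-field comparison is a simplification assumed here, not pluto's actual matching logic, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed from the post: the quick-mode proposal logged by pluto, and
# the left-side keys of conn L2TP-PSK-IPV6 (right=%any is not modelled).
LOG_LINE = ('Jul 16 16:13:08 svr pluto[28490]: "L2TP-PSK-IPV6"[1] '
            '2001::face:feed:deed:beef #3: the peer proposed: '
            '2001:f00:ba2::/128:17/1701 -> 2001::face:feed:deed:beef/128:17/0')
CONN = {"left": "2001:f00:ba2::", "leftsubnet": "2001:f00:ba2::/64",
        "leftprotoport": "17/1701"}

# A selector is <network>/<prefix>:<protocol>/<port>; the IPv6 address itself
# contains colons, so protocol/port are matched from the right-hand end.
SELECTOR = re.compile(r"^(?P<net>.+/\d+):(?P<proto>\d+)/(?P<port>\d+)$")

def parse_selector(text):
    m = SELECTOR.match(text)
    if not m:
        raise ValueError(f"not a traffic selector: {text!r}")
    return ipaddress.ip_network(m["net"]), int(m["proto"]), int(m["port"])

def proposed_selectors(line):
    """Return (local, remote) selectors from a 'the peer proposed:' line."""
    _, sep, rest = line.partition("the peer proposed: ")
    if not sep:
        raise ValueError("no proposal in line")
    local, remote = rest.split(" -> ")
    return parse_selector(local), parse_selector(remote)

def configured_local(conn):
    """Local selector of the conn: leftsubnet if set, else the host itself."""
    net = conn.get("leftsubnet") or conn["left"]
    proto, port = conn["leftprotoport"].split("/")
    return ipaddress.ip_network(net), int(proto), int(port)

def local_mismatches(line, conn):
    """Name the fields where the proposal and the conn's left side differ."""
    (p_net, p_proto, p_port), _ = proposed_selectors(line)
    c_net, c_proto, c_port = configured_local(conn)
    diffs = []
    if p_net != c_net:
        diffs.append(f"network: proposed {p_net}, configured {c_net}")
    if (p_proto, p_port) != (c_proto, c_port):
        diffs.append(f"protoport: proposed {p_proto}/{p_port}, "
                     f"configured {c_proto}/{c_port}")
    return diffs

if __name__ == "__main__":
    print(local_mismatches(LOG_LINE, CONN))
```

On the posted values it reports one difference: the peer asks for the server as a /128 host, while the conn's leftsubnet describes a /64.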