[Openswan Users] Interpreting "no connection is known" (FreeSwan 1.97)
bob at computerisms.ca
Fri Jun 7 19:19:00 UTC 2013
> > so you will need the virtualprivate config. There are lots and lots of
> Do you mean virtual_private ?
> > Is this config from a current version of openswan? And why the 0.0.0.0
> > for right, you are encrypting to the gateway but not across the
> > internet? I would suggest making sure you have a current version of
> It's am embedded router, from the company formally known as SnapGear -
> I think Mcaffee has it now. As best I've been able to tell It's 1.97,
> as it says in the subject.
wow. That almost makes me feel young, except for the part where I
didn't see it in the subject ;) I have been playing with openswan for 8
years and I don't think I have ever used a version that old. I am not
sure how much of my knowledge is applicable to that version.
The only positive things to say about that is that as long as I have
been using openswan, the "no connection is known for" error has always
meant the same thing, so almost certainly the problem is still in your
config. Past that, I am not willing to make any bets about the best way
to fix it. I am not even sure if they had introduced the
virtual_private settings by then, and if not, I don't see how you are
going to make it work with a NAT'd device. Maybe someone who has been
using openswan for longer than me can answer that...
> The config is mostly driven from the web interface, although it also
> offers config file access. I understood 0.0.0.0 to mean "any", which
> sounded appropriate for multiple client connections
In a version that old, they may have used 0.0.0.0 to represent a
connection from any IP. The only time I have used 0.0.0.0 was to make a
tunnel to reduce the number of flows across a certain network segment,
so in that case 0.0.0.0 meant the whole internet as a single subnet I
was routing too, not any specific computer on it. Modern configs use
something like right=%any as the value to represent a computer with an
unknown/unpredictable IP, but I am not sure if that will work in your
Best of luck...
> Users at lists.openswan.org
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> Building and Integrating Virtual Private Networks with Openswan:
More information about the Users