[Openswan Users] Interpreting "no connection is known" (FreeSwan 1.97)
Bob Miller
bob at computerisms.ca
Fri Jun 7 19:19:00 UTC 2013
>
> > so you will need the virtualprivate config. There are lots and lots of
>
> Do you mean virtual_private ?
yes
> > Is this config from a current version of openswan? And why the 0.0.0.0
> > for right, you are encrypting to the gateway but not across the
> > internet? I would suggest making sure you have a current version of
>
> It's an embedded router, from the company formerly known as SnapGear -
> I think McAfee has it now. As best I've been able to tell it's 1.97,
> as it says in the subject.
wow. That almost makes me feel young, except for the part where I
didn't see it in the subject ;) I have been playing with openswan for 8
years and I don't think I have ever used a version that old. I am not
sure how much of my knowledge is applicable to that version.
The only positive thing to say about that is that as long as I have
been using openswan, the "no connection is known for" error has always
meant the same thing, so almost certainly the problem is still in your
config. Past that, I am not willing to make any bets about the best way
to fix it. I am not even sure if they had introduced the
virtual_private settings by then, and if not, I don't see how you are
going to make it work with a NAT'd device. Maybe someone who has been
using openswan for longer than me can answer that...
> The config is mostly driven from the web interface, although it also
> offers config file access. I understood 0.0.0.0 to mean "any", which
> sounded appropriate for multiple client connections
In a version that old, they may have used 0.0.0.0 to represent a
connection from any IP. The only time I have used 0.0.0.0 was to make a
tunnel to reduce the number of flows across a certain network segment,
so in that case 0.0.0.0 meant the whole internet as a single subnet I
was routing to, not any specific computer on it. Modern configs use
something like right=%any as the value to represent a computer with an
unknown/unpredictable IP, but I am not sure if that will work in your
version.
Best of luck...
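
Added example, not part of the original message: a sketch of how the two settings discussed above (virtual_private and right=%any) fit together in Openswan 2.x ipsec.conf syntax for NAT'd road-warrior clients. The addresses, subnets and conn name are constructed, and none of this has been checked against FreeS/WAN 1.97.

```conf
# /etc/ipsec.conf (Openswan 2.x syntax; constructed example values)
version 2.0

config setup
    # Accept IKE/ESP from peers behind NAT (UDP encapsulation).
    nat_traversal=yes
    # Private ranges a NAT'd client may present as its own inner address.
    # The gateway's own LAN is excluded with "!" so that no client can
    # claim an address that overlaps the protected network.
    virtual_private=%v4:10.0.0.0/8,%v4:172.16.0.0/12,%v4:192.168.0.0/16,%v4:!192.168.1.0/24

conn roadwarriors
    # Gateway side: public address and the LAN it protects (constructed).
    left=192.0.2.1
    leftsubnet=192.168.1.0/24
    # Peer address is not known in advance.
    right=%any
    # Accept either a client with a public address (%no) or a NAT'd
    # client whose inner address falls inside virtual_private (%priv).
    # If the client's proposed address matches neither, pluto finds no
    # conn for the Quick Mode proposal and logs
    # "no connection is known for ...".
    rightsubnet=vhost:%no,%priv
    # Pre-shared key; the key itself lives in /etc/ipsec.secrets.
    authby=secret
    # Load the conn and wait for clients to initiate.
    auto=add
```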