[strongSwan] cannot respond to IPsec SA request because no connection is known
Daniel Mentz
danielml+mailinglists.strongswan at sent.com
Tue Jul 12 06:26:14 CEST 2011
On 07/09/2011 10:44 PM, Micah Anderson wrote:
> For some reason that i do not understand, I'm getting:
>
> Jul 9 22:37:41 kestrel pluto[3901]: "l2tp-psk"[2] 208.54.45.249:58920 #1: cannot respond to IPsec SA request because no connection is known for 198.252.153.38:4500[198.252.153.38]:17/1701...208.54.45.249:58920[26.164.21.104]:17/%any==={26.164.21.104/32}
>
> conn l2tp-psk
> authby=secret
> pfs=no
> compress=no
> rekey=no
> keyexchange=ikev1
> keyingtries=3
> type=transport
> leftprotoport=17/1701
> right=%any
> rightprotoport=17/%any
> auto=add
You specified transport mode in your config, right? However, it looks
like your peer wants to setup a connection using tunnel mode:
It says
"208.54.45.249:58920[26.164.21.104]:17/%any==={26.164.21.104/32}"
which means that your peer is 208.54.45.249, and this peer wants to
secure traffic for the subnet 26.164.21.104/32. This won't work in
transport mode because in this mode both peers only secure their own
traffic.
-Daniel
More information about the Users
mailing list