[strongSwan] cannot respond to IPsec SA request because no connection is known

Tobias Brunner tobias at strongswan.org
Fri Aug 17 10:42:48 CEST 2012

Hi Ben,

> I assume I'm still missing some vital config option.  Any idea what
> that might be?

Try adding leftsubnet= and rightsubnet=  If that
doesn't work increasing the loglevel for the cfg log group to 2 (see
[1]), which will give you more details about the failure at that point.

> This continues until the OS X client (NAT'd behind
> gives up.

No idea which version of Mac OS X you're using but with newer releases
you might want to try bare IPsec (called Cisco IPsec by Apple) instead
of L2TP/IPsec.  See [2] for more infos.


[1] http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration
[2] http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)

More information about the Users mailing list