[vpn-help] HELP: "cannot respond to IPsec SA request because no connection is known for..."

Murat Sezgin sezginmurat at gmail.com
Thu Apr 29 11:40:15 CDT 2010


Thank you Matthew. It fixed our problem.

Regards,
Murat


On Mon, Apr 19, 2010 at 10:26 PM, Matthew Grooms <mgrooms at shrew.net> wrote:
> On 4/6/2010 8:31 PM, Murat Sezgin wrote:
>>
>> Hi,
>>
>> I am using your shrewsoft VPN client 2.15 version on my windows (vista /
>> 7) machines to connect to a VPN router which is running
>> openswan.2.6.24.rc4. The first phase ISAKMP is established successfully.
>> After this phase on the shrewsoft client it shows that connection is
>> established. But on the openswan side, it is waiting for the phase 2
>> (IPSec SA). And I see the below error repeatedly. Shrewsoft is behind a
>> NAT router and the subnet is 192.168.3.0/24. The
>> VPN router's local net is 192.168.0.0/24 and WAN
>> IP is 192.168.5.112. The NAT router's WAN IP is 192.168.5.114 and
>> connected to the VPN router's WAN port.
>>
>> I am not using the certification authentication, I am using PSK. What
>> can cause this error? I searched on your support site and the openswan
>> mailing list archives, but I couldn't find any solution. The same
>> configuration of VPN router is working fine with the Greenbow VPN client
>> and Openswan Linux client, but it is failing with shrewsoft with the
>> below error.
>>
>
> Hi Murat,
>
> It looks like you didn't specify an include network in the policy tab. This
> causes the client to negotiate a single IPsec SA to tunnel all traffic
> through. Try adding the 192.168.0.0/24 network as an include network in the
> policy tab of the client site configuration.
>
> Hope this helps,
>
> -Matthew
>



-- 
Murat Sezgin
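
The mismatch Matthew describes, as an added example that is not part of the original thread or of either project's code. It is a simplified Python model that assumes the gateway accepts a phase 2 proposal only when the proposed remote network equals one of its configured local subnets; `client_proposals`, `check_policy` and the result strings are hypothetical names.

```python
import ipaddress

# Selector that covers all traffic, i.e. a single SA tunnelling everything.
TUNNEL_ALL = ipaddress.ip_network("0.0.0.0/0")


def client_proposals(include_networks):
    """Remote networks the client asks for in phase 2.

    With no include network the client negotiates one SA for all traffic,
    which is modelled here as 0.0.0.0/0.
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in include_networks]
    return nets or [TUNNEL_ALL]


def check_policy(include_networks, gateway_subnets):
    """Classify each client proposal against the gateway's local subnets.

    Assumption: the gateway requires an exact match between the proposed
    network and a configured subnet (simplified model).
    """
    configured = {ipaddress.ip_network(s, strict=False) for s in gateway_subnets}
    results = {}
    for net in client_proposals(include_networks):
        if net in configured:
            results[str(net)] = "accepted"
        elif net == TUNNEL_ALL and not include_networks:
            results[str(net)] = "rejected: tunnel-all, no include network set"
        elif any(net.overlaps(c) for c in configured):
            results[str(net)] = "rejected: overlaps a configured subnet but is not equal"
        else:
            results[str(net)] = "rejected: no connection known"
    return results


if __name__ == "__main__":
    gateway = ["192.168.0.0/24"]  # VPN router's local net, from the thread
    print(check_policy([], gateway))                  # policy tab left empty
    print(check_policy(["192.168.0.0/24"], gateway))  # the suggested fix
    print(check_policy(["192.168.0.0/16"], gateway))  # constructed: too-wide include
```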