
I have to make a VPN tunnel in which the other party has sent me just their public IP (y.y.y.y) and no subnet. I am using strongSwan 5.3.5. I know the connection is possible without rightsubnet thanks to "Possible to IPSec VPN Tunnel Public IP Addresses?".

Phase 1 is set up, but I am getting an error in phase 2.

The error I am getting is:

parsed CREATE_CHILD_SA response 13 [ N(TS_UNACCEPT) ]
received TS_UNACCEPTABLE notify, no CHILD_SA built

Below is my config:

conn vpn-2
        left=192.168.0.5
        leftsubnet=192.168.0.0/28
        leftid=x.x.x.x
        right=y.y.y.y
        rightsubnet=%any
        rightid=%any
        keyexchange=ikev2
        ike=3des-md5-modp1024
        esp=aes256-sha1
        type=tunnel

I am still new to VPN connections, but I've established one before which had rightsubnet; in this case, there is no right subnet. I've been stuck on this for days.

  • Did you try not removing _rightsubnet_? (Setting it to %any is definitely wrong; either set it to a specific address/subnet or to %dynamic.) In any case, you should check the log and config of the other host if you receive such an error notify for the reason why it was returned. – ecdsa Sep 11 '17 at 17:11
  • Hi @ecdsa. Tried removing the subnet and also setting it as dynamic. None of them worked. Anyways I'll ask them to check it in their logs. Thanks for your input though. – Divyansh Singh Sep 12 '17 at 05:21
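
An added example, not part of the original post or comments: a simplified Python model of IKEv2 traffic-selector narrowing (addresses only, no protocols or ports) showing when a responder answers TS_UNACCEPTABLE. The addresses 203.0.113.10 and 198.51.100.20 are constructed stand-ins for y.y.y.y and x.x.x.x, the peer policies are hypothetical, and the proposed remote selector assumes rightsubnet is omitted or %dynamic, which strongSwan resolves to the peer's own address.

```python
import ipaddress

def nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def narrow(proposed, allowed):
    """Overlap of two selector lists. Overlapping CIDR blocks always nest,
    so the overlap is simply the smaller (longer-prefix) block."""
    return [p if p.prefixlen >= a.prefixlen else a
            for p in proposed for a in allowed if p.overlaps(a)]

def respond(tsi, tsr, peer_remote, peer_local):
    """Responder side of CREATE_CHILD_SA: narrow TSi against what the peer
    allows for the remote end, and TSr against what it allows locally."""
    tsi_n = narrow(tsi, peer_remote)
    tsr_n = narrow(tsr, peer_local)
    if not tsi_n or not tsr_n:
        return "TS_UNACCEPTABLE"   # no common selector, so no CHILD_SA
    return ([str(n) for n in tsi_n], [str(n) for n in tsr_n])

# Initiator proposal built from the config in the question.
TSI = nets("192.168.0.0/28")     # leftsubnet
TSR = nets("203.0.113.10/32")    # peer's public IP (stand-in for y.y.y.y)

# Hypothetical peer policies as (allowed remote, allowed local).
PEER_POLICIES = {
    # Peer expects the initiator's private subnet: selectors match.
    "expects private subnet": (nets("192.168.0.0/28"), nets("203.0.113.10/32")),
    # Peer expects the initiator's public IP (stand-in for x.x.x.x).
    "expects public IP": (nets("198.51.100.20/32"), nets("203.0.113.10/32")),
    # Peer protects an internal subnet it never communicated.
    "protects internal net": (nets("192.168.0.0/28"), nets("10.20.0.0/16")),
}

def run_cases():
    return {name: respond(TSI, TSR, remote, local)
            for name, (remote, local) in PEER_POLICIES.items()}

if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name:24} -> {result}")
```

Only the first policy yields a CHILD_SA; which policy the real peer enforces can only be read from its configuration or logs.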

0 Answers