[Openswan Users] Network error on port 4500

sasa sasa at shoponweb.it
Thu Dec 15 15:33:13 CET 2005


Hi,
I have in the log the following messages:

Dec 15 13:17:18 fw pluto[2384]: "left-road"[4] 1.2.3.4 #11: responding to 
Quick Mode {msgid:8d940428}
Dec 15 13:17:18 fw pluto[2384]: "left-road"[4] 1.2.3.4 #11: transition from 
state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 15 13:17:18 fw pluto[2384]: "left-road"[4] 1.2.3.4 #11: STATE_QUICK_R1: 
sent QR1, inbound IPsec SA installed, expecting QI2
Dec 15 13:17:18 fw pluto[2384]: "left-road"[4] 1.2.3.4 #11: transition from 
state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 15 13:17:18 fw pluto[2384]: "left-road"[4] 1.2.3.4 #11: STATE_QUICK_R2: 
IPsec SA established {ESP=>0xf4a58cf3 <0xc3dd50e1 xfrm=3DES_0-HMAC_MD5 
NATD=1.2.3.4:4500 DPD=none}
Dec 15 13:17:18 fw pluto[2384]: "left-road"[4] 1.2.3.4 #3: received Delete 
SA(0x6b9e2b00) payload: deleting IPSEC State #4
Dec 15 13:17:18 fw pluto[2384]: "left-road"[4] 1.2.3.4 #3: received and 
ignored informational message
Dec 15 13:20:49 fw pluto[2384]: ERROR: asynchronous network error report on 
eth0 (sport=4500) for message to 1.2.3.4 port 4500, complainant 5.6.7.8: No 
route to host [errno 113, origin ICMP type 11 code 1 (not authenticated)]

my ipsec.conf is:

config setup
        interfaces="ipsec0=eth0"
        nat_traversal=yes
conn %default
      authby=secret
      rekey=no

conn left-road
  auto=add
  authby=secret
  pfs=no
  left=5.6.7.8
  leftnexthop=5.6.7.9
  leftprotoport=17/1701
  right=%any
  rightprotoport=17/1701
  rightsubnet=vhost:%no,%priv
include /etc/ipsec.d/examples/no_oe.conf

..the IPsec SA is established and the ping from machines on both networks is OK!!

I use:

- openswan 2.4.4
- kernel 2.6.9-1.667 with patch for nat-t

..why do I have that error?
thanks.

------
Salvatore. 
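
Added example, not part of the original post and not Openswan code: a small Python parser for the "asynchronous network error report" line quoted above, decoding the ICMP type and code with their RFC 792 names. The function name, the `local_addrs` parameter and the name table are assumptions of this example; the sample is the line from the post, and `left=5.6.7.8` from the posted ipsec.conf is passed as the local address.

```python
import re

# ICMPv4 type/code names from RFC 792 (subset relevant to UDP error reports).
ICMP_NAMES = {
    (3, 0): "destination unreachable: net unreachable",
    (3, 1): "destination unreachable: host unreachable",
    (3, 3): "destination unreachable: port unreachable",
    (3, 4): "destination unreachable: fragmentation needed and DF set",
    (11, 0): "time exceeded: TTL exceeded in transit",
    (11, 1): "time exceeded: fragment reassembly time exceeded",
}

# Field layout follows the pluto error line quoted in the post.
ERROR_RE = re.compile(
    r"asynchronous network error report on (?P<iface>\S+) "
    r"\(sport=(?P<sport>\d+)\) for message to (?P<peer>\S+) "
    r"port (?P<dport>\d+), complainant (?P<complainant>[^\s:]+): "
    r"(?P<text>.*?) \[errno (?P<errno>\d+), "
    r"origin ICMP type (?P<itype>\d+) code (?P<icode>\d+)"
    r"(?: \((?P<note>[^)]*)\))?\]"
)

def parse_pluto_icmp_error(line, local_addrs=()):
    """Return the decoded fields of one error line, or None if it is not one."""
    m = ERROR_RE.search(" ".join(line.split()))  # undo mail/syslog wrapping
    if m is None:
        return None
    f = m.groupdict()
    key = (int(f["itype"]), int(f["icode"]))
    return {
        "iface": f["iface"],
        "peer": f["peer"],
        "sport": int(f["sport"]),
        "dport": int(f["dport"]),
        "complainant": f["complainant"],
        "errno": int(f["errno"]),
        "errno_text": f["text"],
        "icmp": key,
        "icmp_meaning": ICMP_NAMES.get(key, "not in table"),
        # True when the complainant is one of the addresses in local_addrs.
        "complainant_is_local": f["complainant"] in local_addrs,
        "note": f["note"],
    }

# Error line from the post, with the mail line wrapping left in place.
SAMPLE = """Dec 15 13:20:49 fw pluto[2384]: ERROR: asynchronous network error report on
eth0 (sport=4500) for message to 1.2.3.4 port 4500, complainant 5.6.7.8: No
route to host [errno 113, origin ICMP type 11 code 1 (not authenticated)]"""

if __name__ == "__main__":
    print(parse_pluto_icmp_error(SAMPLE, local_addrs=("5.6.7.8",)))
```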


