[Openswan Users]
Paul Wouters
paul at xelerance.com
Mon Jul 31 18:57:31 CEST 2006
On Mon, 31 Jul 2006, Tomasz Grzelak wrote:
> The client is behind NAT (it is NATed to W.X.Y.Z), the Openswan server is at
> the public IP A.B.C.D.
> IKE works fine, the SA is established (I can see it in the pluto log),
> ERROR: asynchronous network error report on eth0 (sport=4500) for message to
> W.X.Y.Z port 13631, complainant A.B.C.D: No route to host [errno 113, origin
> ICMP type 3 code 1 (not authenticated)]
Openswan is trying to send replies for W.X.Y.Z via A.B.C.D. My guess is that
NAT was not properly detected. Can you shod the full IPsec SA established line?
It should show whether or not NAT is in use.
Paul
More information about the Users
mailing list