[Openswan Users] [Openswan dev] book example yields - No route to host...not authenticated using
Paul Wouters
paul at xelerance.com
Sun Nov 26 17:42:07 EST 2006
On Sun, 26 Nov 2006, Bruce S. Skinner wrote:
> >> pluto[4529]: "sample" #1: ERROR: asynchronous network error report
> >> on eth0 (sport=500) for message to 10.1.1.11 port 500, complainant
> >> 172.31.1.200: No route to host [errno 113, origin ICMP type 3 code 1
> >> (not authenticated)]
> >>
> >> Is this an authentication issue or a routing issue?
> >
> > A router in the middle, 172.31.1.200, cannot reach 10.1.1.11.
>
> It doesn't appear to be that simple, as the router in the middle is a
> single machine with two interfaces one at 172.31.1.1 and 10.1.1.1. It
> routes both ways before I start openswan as indicated in the
> traceroute/ping examples below. It appears that routing breaks only
> after openswan is started...
That should not happen. Are you sure you are not firewalling udp port 500?
> left=10.1.1.11
> right=172.31.1.200
> type=tunnel
> # RSA 2048 bits gw Sun Nov 26 11:45:54 2006
> leftrsasigkey=0sAQOLN9ThgpqFfu+hpcpy/BDCJj82oakzQ/X87KKAT1Ba+jj1DyUN4oTBd1WrNgaqMS4XOZeCZCFjDrO4LYgLTL0lBXKkz/+nmtVJadLlWesVUVNLPBZ+GQMrv8i4a257Ut6G4PAI0fInXP3T5SAEJ8k0S/ix5KVzxpGo5noZ5QKW/C04F2xVGyUqah98Q1wdQBIIE/9N8nkU5CL4GfEBTw0RVuLIVwsP0UXNvIYqhxzfXLkiotYBcoKKwOKCjr8BEIrpsGPRQDeHFGOrLlXRq11MeCCHnumJEze9J6WpqQ2vk+QbohZZae1v+/Y858FVii9H2A/8h9eieEA8Y1TadHvV
> # RSA 2048 bits gw Sun Nov 26 11:57:40 2006
> rightrsasigkey=0sAQN4diBgDiCl2HcJ74M3Ggnp9BjA2KtxKNJiAmpLNn+jjr/Y9xv5JIXS2mdrWmEwbqYm0PzRpJIOJ6raXc+s86LRf7fC3EE+HsG8Gp9T11AyLdiSwwXFnrCPLwi7VP6C2oM6d3I3X3N0uC7vlNsbTZZiqfWw9iHVlh/DmpHPgvjyf9jc0fFRhWHWE8/lZTTP7fGLr+l7ve8L6we3x1EaRuIz+nPc32l21ZnfSQci3QY5I8e8WWLgjovIAlpcnnvEyyMJEoJKRumjdnTJFZ6uXR+S3m9zgaCt5dsQyDqs3ACNlHwqPqiyYkarstbReJx9KI5jgyB+EmkNq1aDAeJJDp8P
> auto=start
What happens if you add leftnexthop=172.31.1.200 ?
> # RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005/09/28 13:59:14 paul Exp $
You just published your secret key. You should destroy it and create a new
one now.
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
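
The "authentication or routing?" question in the thread can be read off the pluto log line itself, since the bracketed part carries the errno and the ICMP type and code. The following is an added example, not part of the original message and not Openswan code; the function name `classify` and the category labels are assumptions, and the regex matches only the line format quoted above.

```python
import re

# Constructed sample: the pluto line quoted in the thread, joined onto one line.
SAMPLE = (
    'pluto[4529]: "sample" #1: ERROR: asynchronous network error report '
    'on eth0 (sport=500) for message to 10.1.1.11 port 500, complainant '
    '172.31.1.200: No route to host [errno 113, origin ICMP type 3 code 1 '
    '(not authenticated)]')

# Field layout taken from the quoted line; other pluto versions may differ.
PATTERN = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<state>\d+): ERROR: asynchronous network error '
    r'report on (?P<iface>\S+) \(sport=(?P<sport>\d+)\) for message to '
    r'(?P<dst>\S+) port (?P<dport>\d+), complainant (?P<complainant>\S+): '
    r'(?P<text>.+?) \[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) '
    r'code (?P<code>\d+)')

# ICMP type 3 (destination unreachable) codes, RFC 792 / RFC 1122 / RFC 1812.
UNREACH = {
    0: ("reachability", "network unreachable"),
    1: ("reachability", "host unreachable"),
    3: ("no-listener", "port unreachable"),
    9: ("filtered", "network administratively prohibited"),
    10: ("filtered", "host administratively prohibited"),
    13: ("filtered", "communication administratively prohibited"),
}

def classify(line):
    """Decode one 'asynchronous network error report' line, or return None."""
    m = PATTERN.search(line)
    if m is None:
        return None
    icmp_type, code = int(m["type"]), int(m["code"])
    if icmp_type == 3:
        category, meaning = UNREACH.get(code, ("other", "destination unreachable"))
    else:
        category, meaning = "other", "ICMP type %d" % icmp_type
    return {
        "connection": m["conn"],
        "destination": m["dst"],
        "complainant": m["complainant"],  # host that sent the ICMP error
        "errno": int(m["errno"]),
        "category": category,
        "meaning": meaning,
    }

if __name__ == "__main__":
    print(classify(SAMPLE))
```

The "(not authenticated)" tag sits inside the ICMP origin bracket, so it describes the ICMP report and not the outcome of IKE authentication.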