[Openswan Users] Openswan servers behind NAT connection fails

Juan Pablo jp.espino at gmail.com
Wed Jan 17 11:20:17 EST 2007


Hi,

On 1/17/07, Utkarsh Shah <utkarsh at elitecore.com> wrote:
>
> Hi,
>
> I am using Openswan 2.4.5 and all the Openswan servers are behind NAT.
> I have 4 sites connecting to each other.
>
> From site A I am able to connect to site B & site C but not site D.
> From site D I am able to connect to site B & site C but not site A.
>
> In /var/log/secure
> I found at the initiator:
> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: transition from state
> STATE_MAIN_R0 to state STATE_MAIN_R1
> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: STATE_MAIN_R1: sent MR1,
> expecting MI2
> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: NAT-Traversal: Result
> using 3: both are NATed
> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: transition from state
> STATE_MAIN_R1 to state STATE_MAIN_R2
> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: STATE_MAIN_R2: sent MR2,
> expecting MI3

Which messages follow here? Does it try to retransmit?

>
> and at the responder I found:
> Jan 17 16:33:43 1169031823 pluto[17609]: ERROR: asynchronous network error
> report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant
> 59.95.246.81: Connection refused [errno 111, origin ICMP type 3 code 3 (not
> authenticated)]
> Jan 17 16:33:53 1169031833 pluto[17609]: ERROR: asynchronous network error
> report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant
> 59.95.246.81: Connection refused [errno 111, origin ICMP type 3 code 3 (not
> authenticated)]
> Jan 17 16:34:13 1169031853 pluto[17609]: ERROR: asynchronous network error
> report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant
> 59.95.246.81: Connection refused [errno 111, origin
>

Are you able to do a traceroute from Openswan to the ADSL modem at the
other endpoint? Be sure that nobody is blocking UDP 4500 in the path.
Ethereal could help also.

-Juan.
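
As an added example (not part of the original message and not Openswan code), this Python script triages pluto log lines like the ones quoted above: it reports the last Main Mode state logged per connection, the NAT-Traversal result, and how many ICMP error reports were logged per destination and port. The regular expressions are assumptions derived only from the lines shown in this thread; the sample input is those lines with the e-mail wrapping undone, including the truncated last one.

```python
import re
from collections import Counter

# Log lines taken from the post above, with the e-mail line wrapping undone.
# The last line is cut off in the post and is kept cut off here.
SAMPLE = '''\
Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: STATE_MAIN_R1: sent MR1, expecting MI2
Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: NAT-Traversal: Result using 3: both are NATed
Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: STATE_MAIN_R2: sent MR2, expecting MI3
Jan 17 16:33:43 1169031823 pluto[17609]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant 59.95.246.81: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Jan 17 16:33:53 1169031833 pluto[17609]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant 59.95.246.81: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
Jan 17 16:34:13 1169031853 pluto[17609]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant 59.95.246.81: Connection refused [errno 111, origin
'''

# Patterns are assumptions based on the log format visible in this thread.
STATE = re.compile(r'"(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<state>STATE_\w+): (?P<msg>.+)')
NATT = re.compile(r'"(?P<conn>[^"]+)" #(?P<sa>\d+): NAT-Traversal: Result using [^:]+: (?P<res>.+)')
ICMP = re.compile(
    r'asynchronous network error report .*?for message to (?P<dst>\S+) port (?P<dport>\d+),'
    r'.*?\[errno \d+(?:, origin ICMP type (?P<type>\d+) code (?P<code>\d+))?'
)

def triage(text):
    """Return (last state per SA, NAT-T result per SA, ICMP error counts)."""
    last_state, natt, icmp = {}, {}, Counter()
    for line in text.splitlines():
        if m := STATE.search(line):
            # Later lines overwrite earlier ones, so the final state wins.
            last_state[(m["conn"], int(m["sa"]))] = (m["state"], m["msg"])
        elif m := NATT.search(line):
            natt[(m["conn"], int(m["sa"]))] = m["res"]
        elif m := ICMP.search(line):
            # ICMP type 3 code 3 is "destination unreachable: port unreachable".
            # A truncated line has no type/code, so it is counted under None.
            kind = (int(m["type"]), int(m["code"])) if m["type"] else None
            icmp[(m["dst"], int(m["dport"]), kind)] += 1
    return last_state, natt, icmp

if __name__ == "__main__":
    states, natt, icmp = triage(SAMPLE)
    for key, (state, msg) in states.items():
        print(f"{key}: stopped at {state} ({msg}); NAT-T: {natt.get(key, 'n/a')}")
    for (dst, dport, kind), n in icmp.items():
        print(f"{n} ICMP error report(s) for {dst} UDP {dport}, type/code {kind}")
```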

