[Openswan Users] Openswan servers behind NAT connection fails
Utkarsh Shah
utkarsh at elitecore.com
Thu Jan 18 00:02:13 EST 2007
Hi Juan,
Thanks for your comments.
I don't think that the ADSL modem is blocking 4500 or any other port, as
other connections with the same network scenario are working fine.
In those connections both servers are behind a NAT box.
Thanks & Regards,
Utkarsh Shah
Juan Pablo wrote:
> Hi,
>
> On 1/17/07, Utkarsh Shah <utkarsh at elitecore.com> wrote:
>>
>> Hi,
>>
>> I am using Openswan 2.4.5 and all the Openswan servers are behind NAT.
>> I have 4 sites connecting to each other.
>>
>> From site A I am able to connect to site B & site C but not site D.
>> From site D I am able to connect to site B & site C but not site A.
>>
>> In /var/log/secure
>> I found at the initiator
>> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
>> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: STATE_MAIN_R1: sent MR1, expecting MI2
>> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: NAT-Traversal: Result using 3: both are NATed
>> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
>> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: STATE_MAIN_R2: sent MR2, expecting MI3
>
> Which messages follow here? Does it try to retransmit?
>
>>
>> and at the responder I found
>> Jan 17 16:33:43 1169031823 pluto[17609]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant 59.95.246.81: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
>> Jan 17 16:33:53 1169031833 pluto[17609]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant 59.95.246.81: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
>> Jan 17 16:34:13 1169031853 pluto[17609]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant 59.95.246.81: Connection refused [errno 111, origin
>>
>
> Are you able to do a traceroute from Openswan to the ADSL modem at the
> other endpoint? Be sure that nobody is blocking UDP 4500 in the path.
> Ethereal could help also.
>
> -Juan.
>