[Openswan Users] Openswan servers behind NAT connection fails

Utkarsh Shah utkarsh at elitecore.com
Thu Jan 18 00:02:13 EST 2007


Hi Juan,

    Thanks for your comments.

    I don't think the ADSL modem is blocking 4500 or any other port, as 
other connections with the same network scenario are working fine.
    In those connections both servers are behind a NAT box.

Thanks & Regards,
Utkarsh Shah

Juan Pablo wrote:
> Hi,
>
> On 1/17/07, Utkarsh Shah <utkarsh at elitecore.com> wrote:
>>
>> Hi,
>>
>> I am using Openswan 2.4.5 and all the Openswan servers are behind NAT.
>> I have 4 sites connecting to each other.
>>
>> From site A I am able to connect to site B & site C but not site D.
>> From site D I am able to connect to site B & site C but not site A.
>>
>> In /var/log/secure
>> I found at the initiator:
>> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
>> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: STATE_MAIN_R1: sent MR1, expecting MI2
>> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: NAT-Traversal: Result using 3: both are NATed
>> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
>> Jan 17 15:36:31 1169028391 pluto[470]: "yyyyy" #94: STATE_MAIN_R2: sent MR2, expecting MI3
>
> Which messages follow here? Does it try to retransmit?
>
>>
>> And at the responder I found:
>> Jan 17 16:33:43 1169031823 pluto[17609]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant 59.95.246.81: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
>> Jan 17 16:33:53 1169031833 pluto[17609]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant 59.95.246.81: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]
>> Jan 17 16:34:13 1169031853 pluto[17609]: ERROR: asynchronous network error report on eth1 (sport=500) for message to 59.95.246.81 port 500, complainant 59.95.246.81: Connection refused [errno 111, origin
>>
>
> Are you able to do a traceroute from Openswan to the ADSL modem at the
> other endpoint? Be sure that nobody is blocking UDP 4500 in the path.
> Ethereal could also help.
>
> -Juan.
>



