[Openswan Users] FC6 iptables problem

Paul Wouters paul at xelerance.com
Fri Mar 23 15:15:40 EDT 2007


On Fri, 23 Mar 2007, Xunhua Wang wrote:

> Ok, I made the changes (I also added "iptables -t mangle -A INPUT -p udp
> --dport 4500 -j MARK --set-mark 50" as my Windows client is behind a NAT)
> and it got better but the problem persists.
>
> Here is what I have from /var/log/secure
>
> Mar 23 11:47:13 Newton pluto[2816]: | NAT-T: new mapping
> 76.104.101.6:500/1300)

> Mar 23 11:47:13 Newton pluto[2816]: "roadwarrior-l2tp-updatedwin"[1]
> 76.104.101.6 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0x9c9d09ad
> <0x4175cada xfrm=3DES_0-HMAC_MD5 NATD=76.104.101.6:1300 DPD=none}
> Mar 23 11:47:18 Newton pluto[2816]: ERROR: asynchronous network error report
> on eth1 (sport=4500) for message to 76.104.101.6 port 1300, complainant
> 134.126.34.124: No route to host [errno 113, origin ICMP type 3 code 1 (not
> authenticated)]

Are you allowing any source to destination udp 4500, and source udp 4500
to any destination 4500?
It looks like perhaps you only allow 4500 <-> 4500?

Paul
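As an added example (not code from this thread or from Openswan), the two rule sets Paul is contrasting, written out so the difference is visible: the "4500 <-> 4500" form that only matches packets whose source port is also 4500, and the form that accepts any source port to local 4500 and local 4500 to any destination port. The interface name eth1 is taken from the log above and the mark value 50 from the quoted mangle rule; the variable names, the IKE port 500 rules and the `$IPT` dry-run hook are my own assumptions.

```shell
#!/bin/sh
# Added example, not from the original thread. Firewall rules for
# IKE/NAT-T on an Openswan gateway whose road warriors sit behind NAT.
# Assumptions: external interface eth1 (named in the log above), mark value
# 50 (from the quoted mangle rule), and $IPT naming the iptables binary.
# Set IPT=echo to print the rules instead of installing them.
IPT="${IPT:-iptables}"
EXT_IF="${EXT_IF:-eth1}"

# Too tight: a packet must have source port 4500 AND destination port 4500.
# A client behind NAT reaches the gateway from whatever port the NAT picked
# (1300 in the quoted log), so its NAT-T packets never match these rules.
nat_t_rules_broken() {
    "$IPT" -A INPUT  -i "$EXT_IF" -p udp --sport 4500 --dport 4500 -j ACCEPT
    "$IPT" -A OUTPUT -o "$EXT_IF" -p udp --sport 4500 --dport 4500 -j ACCEPT
}

# Correct: inbound, any source port to local 500/4500; outbound, local
# 500/4500 to any destination port. The mangle MARK rule is keyed on the
# destination port only, for the same reason, and ESP is accepted for
# clients that are not behind NAT.
nat_t_rules() {
    for port in 500 4500; do
        "$IPT" -A INPUT  -i "$EXT_IF" -p udp --dport "$port" -j ACCEPT
        "$IPT" -A OUTPUT -o "$EXT_IF" -p udp --sport "$port" -j ACCEPT
    done
    "$IPT" -A INPUT -i "$EXT_IF" -p esp -j ACCEPT
    "$IPT" -t mangle -A INPUT -i "$EXT_IF" -p udp --dport 4500 \
        -j MARK --set-mark 50
}
```

Run `IPT=echo sh rules.sh` after adding a call to `nat_t_rules` at the bottom to preview the commands before applying them as root; with `iptables -S INPUT` you can then check that no surviving rule still carries both `--sport 4500` and `--dport 4500`.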