[Openswan Users] Requesting help, no route to host
Robert
gmane8756 at yahoo.com
Wed Jun 18 11:47:11 EDT 2008
Paul Wouters <paul at xelerance.com> wrote in
news:alpine.LFD.1.10.0806181104500.21312 at newtla.xelerance.com:
> On Wed, 18 Jun 2008, Robert wrote:
>
>> conn wlw-office-annex
>> auto=start
>> #
>> left=192.168.50.174
>> leftcert=eng.pem
>> leftid="xxxxxxxxxx"
>> #
>> rightid = "yyyyyyyyyyyyyyyy"
>> right = xxxxxxxx.dyndns.org
>> rightnexthop = 192.168.50.254
>
>> ipsec__plutorun: 027 bad left --id: unknown OID in ID_DER_ASN1_DN
>> (ignored)
>
> I've never seen this, let's hope it is indeed ignored without
> problems.
>
>> ipsec__plutorun: ...could not add conn "wlw-office-annex"
>> ipsec__plutorun: 104 "wlw-office-annex" #1: STATE_MAIN_I1: initiate
>> ipsec__plutorun: ...could not start conn "wlw-office-annex"
>
>> pluto[24031]: "wlw-office-annex" #1: initiating Main Mode
>> pluto[24031]: "wlw-office-annex" #1: ERROR: asynchronous network
>> error report on eth0 (sport=500) for message to 76.211.66.174 port
>> 500, complainant 192.168.50.174: No route to host [errno 113, origin
>> ICMP type 3 code 1 (not authenticated)]
>
> You can (or may not) reach 76.211.66.174 on port 500. So it is a
> routing or firewall issue most likely.
>
> Paul
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=28315
> 5
>
>
Good morning Paul,
>From searching through the past postings, and using google, routing to port
500 showed up. Traceroute has a port argument. From eng I was able use
traceroute on port 500 and would get bast the XyWall router. While typing
this response, it became clear that traceroute terminated strangely.
Focussing on the problem being at the XyWall end, may itself be a problem.
I will look into it and post what I find.
Thanks,
Robert
More information about the Users
mailing list