[Openswan Users] ERROR: asynchronous network error report on eth0 (sport=4500)

Xunhua Wang wangxx at jmu.edu
Sun Mar 16 01:28:02 EDT 2008


Hi all,

My IPsec/L2TPD VPN server crashed recently and I had to rebuild it. This
server box runs Red Hat Enterprise Linux Server 4 with kernel 2.6.9-5.ELsmp.
It runs Openswan U2.4.8/K2.6.9-5.ELsmp (netkey) and xl2tpd 1.1.12.

After reconfiguring everything, I ran a Windows 2000 client behind a NAT
(the NAT's IP address is 71.51.5.219) to connect to the VPN server. (I also
SSHed to the VPN server to check its logs.)

From the server's log /var/log/secure, we can see that an IPsec SA is
established.

Mar 16 00:49:27 crypto pluto[2841]: "roadwarrior-l2tp-updatedwin"[3] 71.51.5.219 #6: STATE_QUICK_R2: IPsec SA established {ESP=>0xa26207ae <0x4043e570 xfrm=3DES_0-HMAC_MD5 NATD=71.51.5.219:16189 DPD=none}

However, on the Windows 2000 box, the connection hangs and then times out.
(During the hanging period, my SSH windows to the VPN server also freeze: I
cannot type in anything.)

The server-side /var/log/secure has this message:

Mar 16 00:49:32 crypto pluto[2841]: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 71.51.5.219 port 16189, complainant 1**.1**.2*.7*: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

The server's /var/log/messages has this message:

Mar 16 00:42:58 crypto xl2tpd[4370]: Maximum retries exceeded for tunnel 64551.  Closing.
Mar 16 00:42:58 crypto xl2tpd[4370]: Connection 3 closed to 71.51.5.219, port 1701 (Timeout)
Mar 16 00:43:13 crypto xl2tpd[4370]: Maximum retries exceeded for tunnel 58522.  Closing.
Mar 16 00:43:13 crypto xl2tpd[4370]: Connection 3 closed to 71.51.5.219, port 1701 (Timeout)
Mar 16 00:43:34 crypto sshd(pam_unix)[4410]: session opened for user root by (uid=0)
Mar 16 00:43:46 crypto sshd(pam_unix)[4284]: session closed for user root
Mar 16 00:49:34 crypto xl2tpd[4370]: Maximum retries exceeded for tunnel 6053.  Closing.
Mar 16 00:49:34 crypto xl2tpd[4370]: Connection 4 closed to 71.51.5.219, port 1701 (Timeout)
Mar 16 00:49:49 crypto xl2tpd[4370]: Maximum retries exceeded for tunnel 42439.  Closing.
Mar 16 00:49:49 crypto xl2tpd[4370]: Connection 4 closed to 71.51.5.219, port 1701 (Timeout)

My ipsec.conf and l2tpd.conf are attached to this message. What have I
configured wrong?

Thanks,

Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: l2tpd.conf
Type: application/octet-stream
Size: 1042 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20080316/ca727bf3/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 665 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20080316/ca727bf3/attachment-0001.obj 

