[Openswan Users] Openswan locking all traffic
Philippe BONVIN - EDSI-Tech Sàrl
p.bonvin at edsi-tech.com
Sun May 3 15:31:12 EDT 2009
Hello,
I've a problem with Openswan on Debian Lenny. (I'm not a VPN expert)
When I run /etc/init.d/ipsec start I can see for 20 sec in /var/log/auth.log
"vpn" #1: initiating Main Mode
and right after
"vpn" #1: ERROR: asynchronous network error report on eth0 (sport=500) for message to xxx.xxx.xxx.xxx port 500, complainant yyy.yyy.yyy.yyy: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
"vpn" #2: responding to Main Mode
"vpn" #2: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
"vpn" #2: STATE_MAIN_R1: sent MR1, expecting MI2
"vpn" #2: ERROR: asynchronous network error report on eth0 (sport=500) for message to xxx.xxx.xxx.xxx port 500, complainant yyy.yyy.yyy.yyy: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
and right after this line, all network connections are locked. No ping
answers, nothing.
The server has two static IP addresses and I want to access the
network 10.0.200.0/24, which doesn't have a router and Internet
connectivity.
The remote side is a Netgear FVX538 with a dynamic IP.
My ipsec.conf:
conn vpn
    type=tunnel
    authby=secret
    keyexchange=ike
    aggrmode=no
    auto=start
    pfs=yes
    pfsgroup=modp1024
    ikelifetime=3600s
    esp=3des-sha1
    ike=3des-sha1
    keylife=28800s
    # LOCAL
    left=yyy.yyy.yyy.yyy
    leftsubnet=10.0.200.0/24
    leftid=mylocalserver
    # REMOTE
    right=xxx.xxx.xxx.xxx
    rightsubnet=10.10.10.0/24
    rightnexthop=%defaultroute # might be not necessary
    rightid=myremoteNetGearFVX538
I don't understand why it locks everything, can someone help me?
Many thanks for your help.