[Openswan Users] Openswan locking all traffic
Paul Wouters
paul at xelerance.com
Tue May 5 11:50:34 EDT 2009
On Sun, 3 May 2009, Philippe BONVIN - EDSI-Tech Sàrl wrote:
> When I run /etc/init.d/ipsec start I can see for 20 sec in /var/log/auth.log
> "vpn" #1: initiating Main Mode
> and right after
> "vpn" #1: ERROR: asynchronous network error report on eth0 (sport=500) for
> message to xxx.xxx.xxx.xxx port 500, complainant yyy.yyy.yyy.yyy: No route to
> host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Looks like a remote endpoint is not reachable (though I cannot tell because you
butchered the IP addresses). It looks like left and right might be on the same
LAN? Then you might need to add type=%direct.
> and right after this line, all network connections are locked. No ping answers,
> nothing.
Check if you have OE properly disabled (oe=no in config setup on openswan 2.6.x)
Run ipsec verify
> My ipsec.conf:
I don't see a config setup section?
> conn vpn
> type=tunnel
> authby=secret
> keyexchange=ike
> aggrmode=no
> auto=start
> pfs=yes
> pfsgroup=modp1024
> ikelifetime=3600s
> esp=3des-sha1
> ike=3des-sha1
> keylife=28800s
>
> # LOCAL
> left=yyy.yyy.yyy.yyy
> leftsubnet=10.0.200.0/24
> leftid=mylocalserver
> # REMOTE
> right=xxx.xxx.xxx.xxx
> rightsubnet=10.10.10.0/24
> rightnexthop=%defaultroute # might not be necessary
> rightid=myremoteNetGearFVX538
Empty lines are not allowed within a connection definition. This
should show up as a parse error in the logs?
Paul
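Added example, not part of the thread and not Openswan's own code: a small POSIX sh/awk lint that checks an ipsec.conf for the three problems raised in the reply (no "config setup" section, opportunistic encryption not disabled, an empty line inside a section) and runs it over two constructed copies of the posted connection, one as posted and one with the fixes applied. Assumptions: an empty line is treated as ending the section, so any indented setting after it is reported as orphaned; `oe=no` is taken from the reply as the value to look for; the fixed copy uses `leftnexthop=%direct` and `rightnexthop=%direct` (the Openswan ipsec.conf manual lists %direct as a nexthop value, which is where the reply's "%direct" belongs); the masked addresses are kept exactly as posted.

```shell
#!/bin/sh
# Added example (not from the thread): lint an ipsec.conf for the problems
# raised in the reply. Exit status 0 = clean, 1 = findings printed.
#
# ipsec_conf_lint FILE
ipsec_conf_lint() {
    awk '
        # Section headers start in column 1.
        /^config[ \t]+setup[ \t]*$/ { in_section = 1; in_setup = 1; have_setup = 1; orphan = 0; next }
        /^conn[ \t]+/               { in_section = 1; in_setup = 0; orphan = 0; next }
        # Any other non-indented, non-comment line (version, include, ...) ends the section.
        /^[^ \t#]/                  { in_section = 0; in_setup = 0; orphan = 0 }
        # Assumption: an empty line ends the section (the reply says empty lines
        # are not allowed inside one), so indented settings after it are orphaned.
        /^[ \t]*$/                  { in_section = 0; in_setup = 0; next }
        /^[ \t]+[^ \t#]/ && !in_section && !orphan {
            sub(/^[ \t]+/, "")
            printf "line %d: \"%s\" is outside any section (not attached to config setup or a conn)\n", NR, $0
            bad = 1; orphan = 1   # report once per run of orphaned lines
        }
        # oe=no inside config setup is the setting the reply asks to check.
        in_setup && /^[ \t]+oe[ \t]*=/ {
            split($0, kv, "="); gsub(/[ \t]/, "", kv[2])
            if (kv[2] == "no") oe_off = 1
        }
        END {
            if (!have_setup)  { print "no \"config setup\" section found"; bad = 1 }
            else if (!oe_off) { print "config setup: oe is not disabled (add oe=no)"; bad = 1 }
            exit bad
        }
    ' "$1"
}

# Constructed sample 1: the conn as posted (no config setup, empty line inside the conn).
write_posted_conf() {
    cat > "$1" <<'EOF'
conn vpn
	type=tunnel
	authby=secret
	keyexchange=ike
	aggrmode=no
	auto=start
	pfs=yes
	pfsgroup=modp1024
	ikelifetime=3600s
	esp=3des-sha1
	ike=3des-sha1
	keylife=28800s

	# LOCAL
	left=yyy.yyy.yyy.yyy
	leftsubnet=10.0.200.0/24
	leftid=mylocalserver
	# REMOTE
	right=xxx.xxx.xxx.xxx
	rightsubnet=10.10.10.0/24
	rightnexthop=%defaultroute
	rightid=myremoteNetGearFVX538
EOF
}

# Constructed sample 2: the fixes from the reply applied. %direct on both
# nexthops assumes the two gateways sit on the same LAN.
write_fixed_conf() {
    cat > "$1" <<'EOF'
version 2.0

config setup
	interfaces=%defaultroute
	oe=no

conn vpn
	type=tunnel
	authby=secret
	keyexchange=ike
	aggrmode=no
	auto=start
	pfs=yes
	pfsgroup=modp1024
	ikelifetime=3600s
	esp=3des-sha1
	ike=3des-sha1
	keylife=28800s
	# LOCAL
	left=yyy.yyy.yyy.yyy
	leftsubnet=10.0.200.0/24
	leftid=mylocalserver
	leftnexthop=%direct
	# REMOTE
	right=xxx.xxx.xxx.xxx
	rightsubnet=10.10.10.0/24
	rightnexthop=%direct
	rightid=myremoteNetGearFVX538
EOF
}

# lint_sample WRITER: write the sample to a temp file, lint it, return the lint status.
lint_sample() {
    tmp=$(mktemp)
    "$1" "$tmp"
    ipsec_conf_lint "$tmp"
    status=$?
    rm -f "$tmp"
    return $status
}

# Stand-alone run: the posted copy should report findings, the fixed copy should be clean.
for writer in write_posted_conf write_fixed_conf; do
    echo "== $writer =="
    if lint_sample "$writer"; then echo "clean"; else echo "findings above"; fi
done
```

The lint only covers the structural points from the reply; it does not validate parameter names or values, so `ipsec verify` and the auth.log output remain the real checks once the file parses.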