[Openswan Users] Openswan NAT Problems

Paul Wouters paul at xelerance.com
Wed Nov 4 19:46:37 EST 2009

On Wed, 4 Nov 2009, Colin John Talbot wrote:

> I'm running Openswan 2.4.12 on Ubuntu and followed the setup guide at
> http://www.natecarlson.com/linux/ipsec-l2tp.php which is running
> perfectly.

> Nov  4 13:24:54 CJ-Filer pluto[7848]: "roadwarrior-l2tp-oldwin"[1]
> #2: STATE_QUICK_R2: IPsec SA established {ESP=>0x4062c9a1
> <0x2f4704af xfrm=3DES_0-HMAC_MD5 NATD= DPD=none}
> Nov  4 13:24:59 CJ-Filer pluto[7848]: ERROR: asynchronous network error
> report on eth0 (sport=4500) for message to port 42837,
> complainant No route to host [errno 113, origin ICMP type
> 3 code 1 (not authenticated)]

It's a known bug.

Either grab _updown.netkey from Openswan 2.6.x and replace your 2.4.12 "_updown",
or try out 2.6.14rc1, which incorporates most fixes to make L2TP work with Openswan
2.6. You might need to use 2.6.14rc2, which I will try to release tomorrow
(or grab the git version).

PS. I also posted the _updown script on the list a week or so ago.
