[Openswan Users] Openswan NAT Problems
Paul Wouters
paul at xelerance.com
Wed Nov 4 19:46:37 EST 2009
On Wed, 4 Nov 2009, Colin John Talbot wrote:
> I'm running Openswan 2.4.12 on Ubuntu and followed the setup guide at
> http://www.natecarlson.com/linux/ipsec-l2tp.php which is running
> perfectly.
> Nov 4 13:24:54 CJ-Filer pluto[7848]: "roadwarrior-l2tp-oldwin"[1]
> 195.26.42.82 #2: STATE_QUICK_R2: IPsec SA established {ESP=>0x4062c9a1
> <0x2f4704af xfrm=3DES_0-HMAC_MD5 NATD=195.26.42.82:42837 DPD=none}
>
> Nov 4 13:24:59 CJ-Filer pluto[7848]: ERROR: asynchronous network error
> report on eth0 (sport=4500) for message to 195.26.42.82 port 42837,
> complainant 86.28.177.52: No route to host [errno 113, origin ICMP type
> 3 code 1 (not authenticated)]
It's a known bug.
Either grab _updown.netkey from openswan 2.6.x and replace your 2.4.12 "_updown",
or try out 2.6.14rc1, which incorporates most fixes to make L2TP work with openswan
2.6. You might need to use 2.6.14rc2, which I will try to release tomorrow
(or grab the git version).
Paul
PS. I also posted the _updown script on the list a week or so ago.