[Openswan Users] Recent Gateway Disconnects

Paul Wouters paul at xelerance.com
Tue May 17 16:35:57 EDT 2011


On Tue, 17 May 2011, Judy Leach wrote:

> We have been running Openswan for about 3 months now without issue. This past Friday, a couple of
> users reported that the gateway was disconnecting them. We are using Shrew as the client on the
> Windows side and it is configured to use an existing adapter and IP address. At first I thought the
> disconnect was due to the fact that two users had the same local IP (both users had LAN IP address
> 192.168.1.102 assigned via DHCP) as they were in separate locations. I reconfigured Shrew to use a
> Virtual Adapter and assigned IP address which seems to have resolved the IP address conflict.
> However, one of the users is still being disconnected by the gateway. /var/log/secure shows the
> following error message when the disconnect happens: pluto[19875]: ERROR: asynchronous network error
> report on eth0 (sport=4500) for message to xxx.xxx.xxx.xxx port 61791, complainant xxx.xxx.xxx.xxx:
> Message too long [errno 90, origin ICMP type 3 code 4 (not authenticated)]
>  
> Note that I changed the public IP to xxx.xxx.xxx.xxx and the complainant and message to addresses
> are not the same. Any help in figuring this out would be greatly appreciated as a Google search does
> not return many results.

Can you lower the MTU on the virtual interface you added? To something like 1400?

I think some router in between (you masked the ip so I cannot tell if it is the endnode/NAT router
or not) can't forward the packet because after encryption it becomes too big (prob > 1500)

Paul


More information about the Users mailing list