[Openswan Users] Recent Gateway Disconnects

Judy Leach jleach at texadasoftware.com
Wed May 18 14:57:18 EDT 2011 

Thanks Paul,

I will try this out. Oddly enough (or maybe not so oddly), we have not had 
any disconnects today and I have not made any changes yet.

Judy
-----Original Message----- 
From: Paul Wouters
Sent: Tuesday, May 17, 2011 4:35 PM
To: Judy Leach
Cc: users at openswan.org
Subject: Re: [Openswan Users] Recent Gateway Disconnects

On Tue, 17 May 2011, Judy Leach wrote:

> We have been running Openswan for about 3 months now without issue. This 
> past Friday, a couple of
> users reported that the gateway was disconnecting them. We are using Shrew 
> as the client on the
> Windows side and it is configured to use an existing adapter and IP 
> address. At first I thought the
> disconnect was due to the fact that two users had the same local IP (both 
> users had LAN IP address
> 192.168.1.102 assigned via DHCP) as they were in separate locations. I 
> reconfigured Shrew to use a
> Virtual Adapter and assigned IP address which seems to have resolved the 
> IP address conflict.
> However, one of the users is still being disconnected by the gateway. 
> /var/log/secure shows the
> following error message when the disconnect happens: pluto[19875]: ERROR: 
> asynchronous network error
> report on eth0 (sport=4500) for message to xxx.xxx.xxx.xxx port 61791, 
> complainant xxx.xxx.xxx.xxx:
> Message too long [errno 90, origin ICMP type 3 code 4 (not authenticated)]
>  Note that I changed the public IP to xxx.xxx.xxx.xxx and the complainant 
> and message to addresses
> are not the same. Any help in figuring this out would be greatly 
> appreciated as a Google search does
> not return many results.

Can you lower the MTU on the virtual interface you added? To something like 
1400?

I think some router in between (you masked the ip so I cannot tell if it is 
the endnode/NAT router
or not) can't forward the packet because after encryption it becomes too big 
(prob > 1500)

Paul



-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1375 / Virus Database: 1509/3643 - Release Date: 05/17/11

More information about the Users mailing list