[Openswan Users] VPN works but getting errors

Jeremy Schaeffer service at phonesplus.biz
Thu May 3 08:41:33 EDT 2012 

Yes, that is true. One connection I am having issues trying to get it 
up. Due to the internet carrier I have to run it behind a nat and it 
looks like it does not have ipsec passthrew turned on and I have not 
gotten to looking over the carrier's router to see how to turn that on. 
The other connection works fine, but I keep getting those lines in the 
syslog.

The other connection that does not work gives this error:

May  2 08:19:21 services pluto[23699]: ERROR: asynchronous network error 
report on eth2 (sport=500) for message to x.x.x.x port 500, complainant 
x.x.x.x: Connection refused [errno 111, origin ICMP type 3 code 3 (not 
authenticated)]

My ipsec.conf is:

config setup
myid=@{removed}
     interfaces=%defaultroute
     nat_traversal=yes
     oe=off
     protostack=netkey
     virtual_private=%v4:172.29.0.0/16
     syslog=syslog.debug

conn VOIP-VPN
     auth=esp
     authby=secret
     auto=add
     ike=3des-md5;modp2048
     left=69.128.165.227
leftid=@{removed}
     leftnexthop=69.128.165.225
     leftsourceip=172.28.130.1
     leftsubnet=172.28.130.1/24
     pfs=yes
     phase2alg=3des-md5;modp2048
     right=%any
     rightnexthop=%direct
     rightsubnet=vhost:%priv,%no


The end points are:
Engenius EVR100 (this one works but is getting the errors in the syslog)
Netgear FVS318G (this one is behind a nat and not working)

- Jeremy

On 5/3/2012 00:26, Paul Wouters wrote:
> On Wed, 2 May 2012, Jeremy Schaeffer wrote:
>
> Looks like you have two connections racing? So one is up, but
> the other instance keeps trying and gets rejected. A lot, as
> your count is up to 325300.
>
> Paul
>
>> Date: Wed, 2 May 2012 15:48:14
>> From: Jeremy Schaeffer <service at phonesplus.biz>
>> To: users at lists.openswan.org
>> Subject: [Openswan Users] VPN works but getting errors
>>
>> I have a functioning VPN connection between my centos box and a 
>> router with a dynamic connection. The VPN works, but I keep getting 
>> this message in the log files constantly -
>>
>> May  2 08:19:22 services pluto[23699]: "VOIP-VPN"[4] x.x.x.x #325300: 
>> ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
>> May  2 08:19:22 services pluto[23699]: "VOIP-VPN"[4] x.x.x.x #325300: 
>> received and ignored informational message
>>
>> What causes it? It is something to worry about and can I shut it off? 
>> - Jeremy
>>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: service.vcf
Type: text/x-vcard
Size: 294 bytes
Desc: not available
URL: <https://lists.openswan.org/pipermail/users/attachments/20120503/d1152d87/attachment.vcf>

More information about the Users mailing list