[Openswan Users] IPsec after restart won't come up again: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

Neal Murphy neal.p.murphy at alum.wpi.edu
Wed Apr 10 22:18:08 UTC 2013


On Wednesday, April 10, 2013 05:51:00 PM Gertjan Baarda wrote:
> 
> ERROR: asynchronous network error report on eth0 for message to
> 84.xxx.235.52 port 500, complainant 84.xxx.232.133: No route to host [errno
> 113, origin ICMP type 3 code 1 (not authenticated)]
> ...
> - Which route is it talking about here?
> - Google suggest their might be a routing issue 'on the other side'. Is it
> possible the other side changed something during the 100+ days of uptime
> that it won't start now?
> - Any help would be much appreciated, cause my customer will not like it
> tomorrow morning. ;-)

The remote's router (232.133) is kvetching; it doesn't know how to reach 
.235.52.

Typically, you must be able to reach the host normally for IPSEC to work.

If you can't ping or traceroute .232.52, it's either down or its address 
changed, or the routing tables in .232.133 changed.

Another possibility is that the remote is not set to 'auto'; that is, the VPN 
must be started manually from the remote end.


More information about the Users mailing list