Re: [Swan] Handling: ERROR: asynchronous network error report on eth0 (sport=500) ... No route to host

2016-09-21 Thread Paul Wouters

On Wed, 21 Sep 2016, Noam Singer wrote:


> The error I am getting is this:
>
> /var/log/auth.log:Sep 21 07:19:01 ip-10-xxx-xxx-xxx pluto[7546]:
> "connST/2x2" #87478: ERROR: asynchronous network error report on eth0
> (sport=500) for message to 54.yyy.yyy.yyy port 500, complainant
> 10.xxx.xxx.xxx: No route to host [errno 113, origin ICMP type 3 code 1 (not
> authenticated)]


You have to read that error very literally.

You received an ICMP message from 10.xxx.xxx.xxx saying "no route to
host". Of course, since it is not encrypted/authenticated, libreswan
has no choice but to ignore it and keep trying. But in this case,
it seems that you really have no route to your remote endpoint.

Without a route to the destination, there can be no IKE negotiation
to establish IPsec.

Paul
___
Swan mailing list
Swan@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan
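Reading the report as literally as Paul suggests means pulling apart the fields pluto puts in it: which connection instance and state were sending, which interface and source port, which peer address and port the message was for, who sent the ICMP ("complainant"), the kernel errno, and the ICMP type and code, together with the reminder that a plain ICMP error is not authenticated. The following is an added example, not code from the thread or from libreswan, that parses such a line and turns the type/code pair into the operator-facing meaning. The sample line is constructed from the one in the thread, with the censored addresses replaced by RFC 5737/RFC 1918 documentation values; the interpretation of connection names such as "connST/2x2" as an instance generated from leftsubnets/rightsubnets is an assumption noted in the code.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: the pluto line from the thread, with the censored
# 54.yyy.yyy.yyy / 10.xxx.xxx.xxx addresses replaced by documentation values.
SAMPLE_LINE = (
    'Sep 21 07:19:01 ip-10-0-0-12 pluto[7546]: "connST/2x2" #87478: ERROR: '
    'asynchronous network error report on eth0 (sport=500) for message to '
    '203.0.113.7 port 500, complainant 10.0.0.1: No route to host '
    '[errno 113, origin ICMP type 3 code 1 (not authenticated)]'
)

# Meaning of the code field of ICMP type 3 (Destination Unreachable), RFC 792 / RFC 1122.
ICMP_UNREACHABLE_CODES = {
    0: "network unreachable",
    1: "host unreachable",
    2: "protocol unreachable",
    3: "port unreachable",
    4: "fragmentation needed and DF set",
    5: "source route failed",
    6: "destination network unknown",
    7: "destination host unknown",
    9: "network administratively prohibited",
    10: "host administratively prohibited",
    13: "communication administratively filtered",
}

# Shape of pluto's "asynchronous network error report" line as it appears in the thread.
PLUTO_ASYNC_ERR_RE = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<state>\d+): ERROR: asynchronous network error report '
    r'on (?P<iface>\S+) \(sport=(?P<sport>\d+)\) for message to '
    r'(?P<dst>\S+) port (?P<dport>\d+), complainant (?P<complainant>\S+): '
    r'(?P<text>[^\[]+) \[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) '
    r'code (?P<code>\d+) \((?P<auth>[^)]*)\)\]'
)


@dataclass
class AsyncNetError:
    conn: str          # e.g. "connST/2x2"; assumption: the "/2x2" suffix names the
                       # instance built from the 2nd leftsubnets and 2nd rightsubnets entry
    state: int         # IKE state number (#87478)
    iface: str
    sport: int
    dst: str           # peer the IKE message was addressed to
    dport: int
    complainant: str   # source address of the ICMP error
    text: str          # kernel strerror text, e.g. "No route to host"
    errno: int         # 113 is EHOSTUNREACH on Linux
    icmp_type: int
    icmp_code: int
    authenticated: bool


def parse_pluto_async_error(line: str) -> Optional[AsyncNetError]:
    """Parse one pluto log line; return None for lines that are not this report."""
    m = PLUTO_ASYNC_ERR_RE.search(line)
    if not m:
        return None
    return AsyncNetError(
        conn=m["conn"], state=int(m["state"]), iface=m["iface"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]), complainant=m["complainant"],
        text=m["text"].strip(), errno=int(m["errno"]),
        icmp_type=int(m["type"]), icmp_code=int(m["code"]),
        authenticated=(m["auth"].strip() != "not authenticated"),
    )


def describe(err: AsyncNetError) -> dict:
    """Reduce the parsed report to what an operator acts on."""
    if err.icmp_type == 3:
        meaning = ICMP_UNREACHABLE_CODES.get(err.icmp_code, f"unreachable code {err.icmp_code}")
    else:
        meaning = f"ICMP type {err.icmp_type} code {err.icmp_code}"
    if err.icmp_type == 3 and err.icmp_code in (0, 1, 6, 7):
        next_step = "check routing from this host towards the peer"
    elif err.icmp_type == 3 and err.icmp_code in (9, 10, 13):
        next_step = "check packet filters between this host and the peer"
    elif err.icmp_type == 3 and err.icmp_code == 3:
        next_step = "check that the peer is listening on the IKE port"
    else:
        next_step = "inspect the path to the peer"
    complainant = ipaddress.ip_address(err.complainant)
    return {
        "conn": err.conn,
        "peer": f"{err.dst}:{err.dport}",
        "icmp": meaning,
        # A private-range complainant means the router that gave up on the
        # packet sits on the near side of the path, not at the remote site.
        "complainant_is_private": complainant.is_private,
        # pluto flags plain ICMP as unauthenticated: it is a hint, not proof,
        # which is why it keeps retransmitting rather than tearing down.
        "trusted": err.authenticated,
        "next_step": next_step,
    }


if __name__ == "__main__":
    parsed = parse_pluto_async_error(SAMPLE_LINE)
    print(describe(parsed) if parsed else "not an asynchronous network error report")
```

Run over a whole auth.log, the parser lets you count reports per connection instance and per complainant, which separates a single peer that has genuinely become unreachable (as in this thread) from a wider routing or filtering change affecting many tunnels.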


[Swan] Handling: ERROR: asynchronous network error report on eth0 (sport=500) ... No route to host

2016-09-21 Thread Noam Singer
Hello everyone,

I am using LibreSwan 3.16 and connecting several machines in different AWS
regions.
On one machine, one of the connections repeatedly fails with the following
error. The connection was OK a couple of days ago, but started failing last
week.
All other connections on that machine are OK, with the exception of this one
failing.

The error I am getting is this:

/var/log/auth.log:Sep 21 07:19:01 ip-10-xxx-xxx-xxx pluto[7546]:
"connST/2x2" #87478: ERROR: asynchronous network error report on eth0
(sport=500) for message to 54.yyy.yyy.yyy port 500, complainant
10.xxx.xxx.xxx: No route to host [errno 113, origin ICMP type 3 code 1 (not
authenticated)]

I tried both "ipsec auto --up connST" & "ipsec auto --start
connST", but these do not help fix the problem.

The configuration file for this one is:

conn connST
        authby=rsasig
        auto=start
        dpdaction=restart
        dpddelay=30
        dpdtimeout=120
        forceencaps=yes
        ike=aes128-sha1
        ikelifetime=86400s
        keyingtries=3
        left=%defaultroute
        leftid=@52.XXX.XXX.XXX ### Censored
        leftrsasigkey=0sAQO...INdt1 ### Censored
        leftsubnets=10.xxx.0.0/16,172.xxx.xxx.0/24 ### Censored
        leftupdown=/usr/fortycloud/libreSwanUpDown.sh # my up-down script
        pfs=no
        phase2alg=aes128-sha1
        right=54.yyy.yyy.yyy ### Censored
        rightid=@54.yyy.yyy.yyy ### Censored
        rightrsasigkey=0sAQPxq6...PyQTST ### Censored
        rightsubnets=10.xxx.0.0/16,172.xxx.xxx.0/24 ### Censored
        salifetime=28800s
        type=tunnel

What could be the cause for this problem and how can it be fixed?

Thanks in advance