On Fri, Mar 07, 2008 at 06:36:15PM -0700, Andrew Tolboe wrote:
> I have been struggling with a problem with an ipsec/l2tp vpn server on my
> firewall for a long time. The user will tell windows to connect, and
> they connect to the ipsec just fine, connect to l2tpd just fine, get an
> ip from pppd just fine. However once the ppp interface comes up on the
> server ipsec starts to spit this message out
>
> Mar 3 21:59:26 firewall pluto[5135]: ERROR: asynchronous network error
> report on br0 (sport=4500) for message to 155.97.239.238 port 4500,
> complainant ***.***.103.174: No route to host [errno 113, origin
> ICMP type 3 code 1 (not authenticated)]
>

As Tom pointed out, please read the documentation on this:

http://www.shorewall.net/IPSEC-2.6.html#RW-L2TP

If you still have trouble let us know.

>
> Oh, and one more odd thing about this vpn, when I'm on the
> ***-***-103-161. 255.255.255.240 subnet (so outside the firewall but
> still on our own public ip space). The vpn works like a charm, no
> problems at all (which is also why this problem is so confusing).
>

Do you have NAT-Traversal enabled on your VPN? Also, please run the
'route' command with the -n option so that we only get addresses and not
host names. Also, please quit mangling the IP addresses in the way that
you are doing, as it just makes the output more difficult and annoying
to read. You do not gain anything in the way of security. Besides,
166.70.103.174 is much easier to read than is ***.***.103.174.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
