On Wed, 9 Dec 2020, Balaji Thoguluva wrote:

With the 3.32 version, we tested IPsec Rekey functionality. But we are not able
to see the expected behavior of rekey. We tried establishing a tunnel between
the 2 Libreswan. What we noticed is when one of the Libreswan sends
CREATE_CHILD_SA request to the other end, the other end sends ICMP 550
destination unreachable (Communication administratively prevented) error
message.

Attached is a zip of wireshark, initiator and responder pluto logs.

Dec  9 12:14:26.800597: |   02 00 01 f4  0a c4 ff 4b  00 00 00 00  00 00 00 00
Dec  9 12:14:26.800617: "taccert" #1: ERROR: asynchronous network error report on ens32 (10.196.253.12:500) for message to 10.196.255.75 port 500, complainant 10.196.255.75: No route to host [errno 113, origin ICMP type 3 code 13 (not authenticated)]
Dec  9 12:14:26.800630: | spent 0.181 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()

If you can shed some light on this, that would be great.

That's weird. Your endpoint sends a No route to host?
That looks like something strange is happening in your network. It is
not related to libreswan, but possibly to routing table or firewall
changes?

Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
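
Added example, not part of the original thread and not libreswan code: a Python triage helper that parses the pluto error-queue line quoted above and separates ICMP generated by a packet filter from ICMP caused by routing, and reports whether the IKE peer itself sent it. The regular expression and the `triage` function are assumptions built only from the single log line in this thread; IPv4 only.

```python
import re

# Constructed input: the ERROR line from the thread, rejoined onto one line.
SAMPLE = (
    'Dec  9 12:14:26.800617: "taccert" #1: ERROR: asynchronous network error '
    'report on ens32 (10.196.253.12:500) for message to 10.196.255.75 port 500, '
    'complainant 10.196.255.75: No route to host '
    '[errno 113, origin ICMP type 3 code 13 (not authenticated)]'
)

# Assumed line shape, inferred only from the single line quoted in the thread.
LINE_RE = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<sa>\d+): ERROR: asynchronous network error report '
    r'on (?P<ifname>\S+) \((?P<local>[\d.]+):\d+\) '
    r'for message to (?P<peer>[\d.]+) port (?P<port>\d+), '
    r'complainant (?P<complainant>[\d.]+): (?P<strerror>.+?) '
    r'\[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) code (?P<code>\d+)'
)

# ICMPv4 type 3 (Destination Unreachable) codes, grouped by likely cause.
FILTER_CODES = {9, 10, 13}   # administratively prohibited: a packet filter
ROUTE_CODES = {0, 1}         # network / host unreachable: routing
PORT_CODE = 3                # port unreachable: nothing listening on the port

def triage(line):
    """Return a dict describing the ICMP report, or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    icmp_type, code = int(m["type"]), int(m["code"])
    if icmp_type != 3:
        cause = "other"
    elif code in FILTER_CODES:
        cause = "filter"
    elif code in ROUTE_CODES:
        cause = "route"
    elif code == PORT_CODE:
        cause = "port"
    else:
        cause = "other"
    # If the complainant is the IKE peer itself, the ICMP came from that host
    # (for example its local firewall) rather than from a router on the path.
    reported_by = "peer" if m["complainant"] == m["peer"] else "on-path"
    return {"conn": m["conn"], "sa": int(m["sa"]), "errno": int(m["errno"]),
            "icmp": (icmp_type, code), "cause": cause, "reported_by": reported_by}

if __name__ == "__main__":
    print(triage(SAMPLE))
```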
