On Wed, 21 Sep 2016, Noam Singer wrote:
> The error I am getting is this:
> /var/log/auth.log:Sep 21 07:19:01 ip-10-xxx-xxx-xxx pluto:
> "connSTzzzz/2x2" #87478: ERROR: asynchronous network error report on eth0
> (sport=500) for message to 54.yyy.yyy.yyy port
> 500, complainant 10.xxx.xxx.xxx: No route to host [errno 113, origin ICMP type
> 3 code 1 (not authenticated)]

You have to read that error very literally.
You received an ICMP message from 10.xxx.xxx.xxx saying "no route to
host". Of course, since it is not encrypted/authenticated, libreswan
has no choice but to ignore it and keep trying. But in this case,
it seems that you really have no route to your remote endpoint.
Without a route to the destination, there can be no IKE negotiation
to establish IPsec.
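An added example, not part of the original message and not libreswan code: a Python parser for the pluto "asynchronous network error report" line quoted above, which decodes the ICMP type 3 code (going beyond the code 1 case in the thread) and counts reports per destination and complainant. It assumes each report sits on one physical log line (the mail wrapped it); the sample lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# ICMP type 3 (Destination Unreachable) codes, per RFC 792 / RFC 1812.
ICMP_UNREACH = {0: "network unreachable", 1: "host unreachable",
                2: "protocol unreachable", 3: "port unreachable",
                4: "fragmentation needed", 13: "administratively prohibited"}

REPORT = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<state>\d+): ERROR: asynchronous network error '
    r'report on (?P<iface>\S+) \(sport=(?P<sport>\d+)\) for message to '
    r'(?P<dst>\S+) port (?P<dport>\d+), complainant (?P<complainant>\S+): '
    r'(?P<text>.+?) \[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) '
    r'code (?P<code>\d+) \((?P<auth>[^)]*)\)\]')

def parse_report(line):
    """Return the fields of one pluto network error report, or None."""
    m = REPORT.search(line)
    if not m:
        return None
    r = m.groupdict()
    for key in ("state", "sport", "dport", "errno", "type", "code"):
        r[key] = int(r[key])
    r["meaning"] = (ICMP_UNREACH.get(r["code"], "other unreachable code")
                    if r["type"] == 3 else "not destination-unreachable")
    # True when the peer itself sent the ICMP error, False for any other host.
    r["from_peer"] = r["complainant"] == r["dst"]
    return r

def summarize(lines):
    """Count reports per (connection, destination, complainant, meaning)."""
    counts = Counter()
    for r in filter(None, map(parse_report, lines)):
        counts[(r["conn"], r["dst"], r["complainant"], r["meaning"])] += 1
    return counts

# Constructed sample lines using documentation addresses, not real log data.
TEMPLATE = ('Sep 21 %s gw1 pluto: "%s" #101: ERROR: asynchronous network error report '
            'on eth0 (sport=500) for message to %s port 500, complainant %s: %s '
            '[errno %d, origin ICMP type 3 code %d (not authenticated)]')
SAMPLE = [TEMPLATE % row for row in (
    ("07:19:01", "siteA/2x2", "198.51.100.7", "10.0.0.1", "No route to host", 113, 1),
    ("07:19:41", "siteA/2x2", "198.51.100.7", "10.0.0.1", "No route to host", 113, 1),
    ("07:20:11", "siteB", "203.0.113.9", "203.0.113.9", "Connection refused", 111, 3),
)] + ["Sep 21 07:21:00 gw1 sshd[411]: unrelated line"]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```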