[Swan-dev] _parse_pam_auth_rsp: AUTH FAILURE
Paul Wouters
paul at nohats.ca
Thu Dec 10 03:51:37 UTC 2020
On Wed, 9 Dec 2020, Balaji Thoguluva wrote:
> With the 3.32 version, we tested IPsec Rekey functionality. But we are not able to see the expected behavior of rekey. We tried establishing a tunnel
> between the 2 Libreswan. What we noticed is when one of the Libreswan sends CREATE_CHILD_SA request to the other end, the other end sends ICMP 550
> destination unreachable (Communication administratively prevented) error message.
>
> Attached is a zip of wireshark, initiator and responder pluto logs.
>
> Dec 9 12:14:26.800597: | 02 00 01 f4 0a c4 ff 4b 00 00 00 00 00 00 00 00
> Dec 9 12:14:26.800617: "taccert" #1: ERROR: asynchronous network error report on ens32 (10.196.253.12:500) for message to 10.196.255.75 port 500,
> complainant 10.196.255.75: No route to host [errno 113, origin ICMP type 3 code 13 (not authenticated)]
> Dec 9 12:14:26.800630: | spent 0.181 milliseconds in comm_handle_cb() calling check_incoming_msg_errqueue()
>
> If you can shed some light on this, that would be great.
That's weird. Your endpoint sends a No route to host?
That looks like something strange is happening in your network. It is
not related to libreswan, but possibly to routing table or firewall
changes?
Paul
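
A triage sketch for the log line quoted above, added here as an example and not part of the original thread or of libreswan: it parses pluto's "asynchronous network error report" entries, separates filter-generated ICMP rejections (type 3 codes 9, 10, 13) from routing failures, and notes whether the complainant is the peer's own address. The names `triage`, `ERRQUEUE`, `FILTER_CODES` and `SAMPLE_LOG`, and the second sample entry, are assumptions; the pattern is derived only from the one log line shown in the post.

```python
import re

# ICMP type 3 (destination unreachable) codes 9, 10 and 13 mean
# "administratively prohibited" (RFC 1122 / RFC 1812): a packet filter
# rejected the datagram. Other type 3 codes point at routing or reachability.
FILTER_CODES = {9, 10, 13}

# Pattern derived from the single pluto log line quoted in the post; each
# entry must be on one line (the mail client wrapped it in the quote).
ERRQUEUE = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<state>\d+): ERROR: asynchronous network error '
    r'report on (?P<iface>\S+) \((?P<local>[^)]+)\) for message to '
    r'(?P<dest>\S+) port (?P<port>\d+), complainant (?P<complainant>\S+?): '
    r'.*?\[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) '
    r'code (?P<code>\d+)'
)


def triage(log_text):
    """Return one finding per errqueue entry (hypothetical helper)."""
    findings = []
    for m in ERRQUEUE.finditer(log_text):
        icmp_type, code = int(m["type"]), int(m["code"])
        if icmp_type != 3:
            cause = "other"
        elif code in FILTER_CODES:
            cause = "filtered"
        else:
            cause = "routing"
        # Complainant equal to the destination: the error came from the
        # peer's own address rather than from a router on the path.
        source = "peer" if m["complainant"] == m["dest"] else "intermediate hop"
        findings.append({"conn": m["conn"], "dest": m["dest"],
                         "complainant": m["complainant"],
                         "icmp": (icmp_type, code),
                         "cause": cause, "source": source})
    return findings


SAMPLE_LOG = "\n".join([
    # Entry from the post, rejoined onto one line.
    'Dec 9 12:14:26.800617: "taccert" #1: ERROR: asynchronous network error report on ens32 (10.196.253.12:500) for message to 10.196.255.75 port 500, complainant 10.196.255.75: No route to host [errno 113, origin ICMP type 3 code 13 (not authenticated)]',
    # Constructed entry (documentation addresses) for contrast.
    'Dec 9 12:15:02.000000: "example" #2: ERROR: asynchronous network error report on eth0 (192.0.2.10:500) for message to 198.51.100.7 port 500, complainant 192.0.2.1: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]',
])

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

For the entry from the post this reports a filtered rejection sent from the peer's own address, which fits the firewall explanation better than a routing table change.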