[Swan] Handling: ERROR: asynchronous network error report on eth0 (sport=500) ... No route to host
Noam Singer
noam at fortycloud.com
Wed Sep 21 11:26:05 UTC 2016
Hello everyone,

I am using LibreSwan 3.16 and connecting several machines in different AWS
regions.

On one machine, one of the connections repeatedly fails with the following
error. The connection was OK a couple of days ago, but started failing last
week.
All other connections on that machine are OK, with the exception of this one
failing.

The error I am getting is this:

/var/log/auth.log:Sep 21 07:19:01 ip-10-xxx-xxx-xxx pluto[7546]: "connSTzzzz/2x2" #87478: ERROR: asynchronous network error report on eth0 (sport=500) for message to 54.yyy.yyy.yyy port 500, complainant 10.xxx.xxx.xxx: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

I tried both "ipsec auto --up connSTxxxx" and "ipsec auto --start
connSTxxxx", but these do not help fix the problem.

The configuration file for this one is:

conn connSTxxxx
    authby=rsasig
    auto=start
    dpdaction=restart
    dpddelay=30
    dpdtimeout=120
    forceencaps=yes
    ike=aes128-sha1
    ikelifetime=86400s
    keyingtries=3
    left=%defaultroute
    leftid=@52.XXX.XXX.XXX ### Censored
    leftrsasigkey=0sAQO...INdt1 ### Censored
    leftsubnets=10.xxx.0.0/16,172.xxx.xxx.0/24 ### Censored
    leftupdown=/usr/fortycloud/libreSwanUpDown.sh # my up-down script
    pfs=no
    phase2alg=aes128-sha1
    right=54.yyy.yyy.yyy ### Censored
    rightid=@54.yyy.yyy.yyy ### Censored
    rightrsasigkey=0sAQPxq6...PyQTST ### Censored
    rightsubnets=10.xxx.0.0/16,172.xxx.xxx.0/24 ### Censored
    salifetime=28800s
    type=tunnel

What could be the cause for this problem and how can it be fixed?
Thanks in advance
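
An added example, not part of the original post and not LibreSwan code: a small parser for pluto error lines of the form quoted in the message. It decodes the ICMP type/code and records whether the complainant address is the peer itself or some other host, then counts hits per connection. The sample log lines, host name and addresses are constructed, and the regex is based only on the single line shown above.

```python
import re
from collections import Counter

# ICMP type 3 (Destination Unreachable) codes, per RFC 792 / RFC 1812.
ICMP_UNREACH = {0: "net unreachable", 1: "host unreachable",
                2: "protocol unreachable", 3: "port unreachable",
                4: "fragmentation needed", 13: "administratively prohibited"}

LINE_RE = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<state>\d+): ERROR: asynchronous network error '
    r'report on (?P<iface>\S+) \(sport=(?P<sport>\d+)\) for message to '
    r'(?P<peer>\S+) port (?P<dport>\d+), complainant (?P<complainant>\S+): '
    r'(?P<text>.*?) \[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) '
    r'code (?P<code>\d+) \((?P<auth>[^)]*)\)\]')

def parse(line):
    """Return a dict for one pluto network-error line, or None if no match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for k in ("state", "sport", "dport", "errno", "type", "code"):
        rec[k] = int(rec[k])
    rec["icmp"] = (ICMP_UNREACH.get(rec["code"], "code %d" % rec["code"])
                   if rec["type"] == 3 else "type %d" % rec["type"])
    # False means the ICMP error came from an address other than the peer.
    rec["from_peer"] = rec["complainant"] == rec["peer"]
    return rec

def summarize(lines):
    """Count errors per (connection, peer, ICMP meaning, from_peer)."""
    hits = Counter()
    for line in lines:
        rec = parse(line)
        if rec:
            conn = rec["conn"].split("/")[0]  # drop the "/2x2" instance suffix
            hits[(conn, rec["peer"], rec["icmp"], rec["from_peer"])] += 1
    return hits

# Constructed sample lines (documentation addresses, not from the post).
SAMPLE = [
    'Sep 21 07:19:01 gw1 pluto[7546]: "connA/2x2" #101: ERROR: asynchronous network error report on eth0 (sport=500) for message to 198.51.100.7 port 500, complainant 10.0.1.5: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]',
    'Sep 21 07:19:31 gw1 pluto[7546]: "connA/1x1" #102: ERROR: asynchronous network error report on eth0 (sport=500) for message to 198.51.100.7 port 500, complainant 10.0.1.5: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]',
    'Sep 21 07:19:40 gw1 pluto[7546]: "connB" #55: ERROR: asynchronous network error report on eth0 (sport=4500) for message to 203.0.113.9 port 4500, complainant 203.0.113.9: Connection refused [errno 111, origin ICMP type 3 code 3 (not authenticated)]',
    'Sep 21 07:20:00 gw1 pluto[7546]: "connB" #56: STATE_MAIN_I1: initiate',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```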