[Swan] Handling: ERROR: asynchronous network error report on eth0 (sport=500) ... No route to host

Paul Wouters paul at nohats.ca
Wed Sep 21 15:33:45 UTC 2016

On Wed, 21 Sep 2016, Noam Singer wrote:

> The error I am getting is this:
> /var/log/auth.log:Sep 21 07:19:01 ip-10-xxx-xxx-xxx pluto[7546]: "connSTzzzz/2x2" #87478: ERROR: asynchronous network error report on eth0 (sport=500) for message to 54.yyy.yyy.yyy port
> 500, complainant 10.xxx.xxx.xxx: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

You have to read that error very literally.

You received an ICMP message from 10.xxx.xxx.xxx saying "no route to
host". Of course, since it is not encrypted/authenticated, libreswan
has no choice but to ignore it and keep trying. But in this case,
it seems that you really have no route to your remote endpoint.

Without a rout to the destination, there can be no IKE negotiation
to establish IPsec.


More information about the Swan mailing list