[Swan] Handling: ERROR: asynchronous network error report on eth0 (sport=500) ... No route to host

Paul Wouters paul at nohats.ca
Wed Sep 21 15:33:45 UTC 2016


On Wed, 21 Sep 2016, Noam Singer wrote:

> The error I am getting is this:
> 
> /var/log/auth.log:Sep 21 07:19:01 ip-10-xxx-xxx-xxx pluto[7546]: "connSTzzzz/2x2" #87478: ERROR: asynchronous network error report on eth0 (sport=500) for message to 54.yyy.yyy.yyy port
> 500, complainant 10.xxx.xxx.xxx: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]

You have to read that error very literally.

You received an ICMP message from 10.xxx.xxx.xxx saying "no route to
host". Of course, since it is not encrypted/authenticated, libreswan
has no choice but to ignore it and keep trying. But in this case,
it seems that you really have no route to your remote endpoint.

Without a route to the destination, there can be no IKE negotiation
to establish IPsec.

Paul
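
The error line quoted above can be pulled apart field by field. The following is an added example, not part of the original message or of libreswan: it parses pluto's "asynchronous network error report" lines, decodes the ICMP type 3 code, and counts reports per peer and complainant. The sample log lines, the host name `gw`, the connection name `connA/2x2`, the documentation-range addresses and the function names are all constructed for illustration.

```python
import re
from collections import Counter

# ICMP type 3 (Destination Unreachable) codes.
ICMP_UNREACH = {0: "network unreachable", 1: "host unreachable",
                2: "protocol unreachable", 3: "port unreachable",
                4: "fragmentation needed", 13: "administratively prohibited"}

# Field layout taken from the log line quoted in the message above.
LINE_RE = re.compile(
    r'"(?P<conn>[^"]+)" #(?P<state>\d+): ERROR: asynchronous network error report'
    r' on (?P<iface>\S+) \(sport=(?P<sport>\d+)\) for message to (?P<peer>\S+)'
    r' port\s+(?P<dport>\d+), complainant (?P<complainant>\S+): (?P<msg>.*?)'
    r' \[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) code (?P<code>\d+)'
    r' \((?P<auth>[^)]*)\)\]')

# Constructed sample input (not real logs).
_HEAD = ('Sep 21 07:19:0%d gw pluto[7546]: "connA/2x2" #87478: ERROR: asynchronous '
         'network error report on eth0 (sport=500) for message to 198.51.100.7 port 500, ')
SAMPLE = [
    _HEAD % 1 + 'complainant 192.0.2.10: No route to host '
                '[errno 113, origin ICMP type 3 code 1 (not authenticated)]',
    _HEAD % 3 + 'complainant 192.0.2.10: No route to host '
                '[errno 113, origin ICMP type 3 code 1 (not authenticated)]',
    _HEAD % 5 + 'complainant 198.51.100.7: Connection refused '
                '[errno 111, origin ICMP type 3 code 3 (not authenticated)]',
    'Sep 21 07:19:06 gw sshd[812]: constructed unrelated line',
]

def parse(line):
    """Return the fields of one error report, or None if the line is something else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    code = int(ev["code"])
    ev["meaning"] = (ICMP_UNREACH.get(code, "code %d" % code)
                     if ev["type"] == "3" else "ICMP type " + ev["type"])
    # The complainant is whoever sent the ICMP error; it is not necessarily the peer.
    ev["from_peer"] = ev["complainant"] == ev["peer"]
    return ev

def summarize(lines):
    """Count reports per (connection, peer, complainant, decoded ICMP meaning)."""
    return Counter((e["conn"], e["peer"], e["complainant"], e["meaning"])
                   for e in map(parse, lines) if e)

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Because the ICMP report is marked "not authenticated", the counts are a troubleshooting hint about where the path breaks, not proof of who sent the report.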

