
IPSEC No Route to Host

IPSEC remote connects - but does not work with the default IPSEC pool IP address.  Message in IPSEC live log is:

ERROR: asynchronous network error report on eth4 for message to 66.159.127.26 port 4500, complainant 66.159.127.26: No route to host [errno 113, origin ICMP type 3 code 13 (not authenticated)

Any suggestions on how to get this routing issue solved are appreciated.


  • Can you see from the packet filter live log what blocked packets correspond to traffic with the specified IP?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • There are no blocked packets with the corresponding IP address.
  • Version of Astaro - still 7.2x?  Had this worked with a prior version?

    Client-side software and version?

    Yours - Bob
     
  • That's correct.

    It appears to me like packets are trying to route back to the real world address - the one from my DSL connection - and it should be trying to route to the tunnel address from the IPSEC pool - 10.238.11.2
  • I understand your response to mean that you are still on V7.2, and that this is a fresh, new IPSec configuration, not one that worked prior to a recent Up2Date.  Right?

    Someone should correct me if I'm wrong, but I believe the destination IP would be the 66. one above, not your internal one.  Isn't that the external IP of the client?

    I googled on "asynchronous network error report" (with quotes) and one possible cause could be the client configuration or a bug in the client - that was the reason for my question above.

    Cheers - Bob
     
  • Astaro box - v7.305
    Client - Linux - v2.21 build 014

    The client is quite old - and I have not been able to get a new Linux client.
  • Is this relevant?
    [Openswan Users] Vendor ID payload [Vid-Initial-Contact]

    So, it worked before and was broken with the 7.305 Up2Date?

    Cheers - Bob
     
  • I'm having a very similar problem, getting tons of these in the IPSEC log:

    2008:12:05-13:24:35 (none) pluto[8801]: ERROR: asynchronous network error report on eth5 for message to CLIENT-IP port 4500, complainant GATEWAY-IP: No route to host [errno 113, origin ICMP type 11 code 1 (not authenticated)]

    using ASG 7.304.

    Users can auth fine, and we're not seeing any dropped packets.  Not a clue why it's happening or when it started.  We just started using the VPN since upgrading from 7.2x to 7.3x

    Anyone have any idea how to fix it?
  • What client are you using?
     
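
Added example, not part of any post in this thread: a small Python parser for the pluto error lines quoted above. It decodes the ICMP type/code pair and reports whether the complaint came from the peer itself or from another hop. The function names and the lookup table are this example's own; the two sample lines are copied from the posts, placeholders included.

```python
import re
from collections import Counter

# Matches pluto's "asynchronous network error report" line as quoted in the thread.
PLUTO_ERR = re.compile(
    r"asynchronous network error report on (?P<iface>\S+) for message to "
    r"(?P<dst>\S+) port (?P<port>\d+), complainant (?P<complainant>\S+): "
    r"(?P<text>[^\[]+?) \[errno (?P<errno>\d+), origin ICMP type (?P<type>\d+) "
    r"code (?P<code>\d+)"
)

# ICMP (type, code) meanings per RFC 792 and RFC 1812; only a relevant subset.
ICMP_MEANING = {
    (3, 1): "host unreachable",
    (3, 3): "port unreachable",
    (3, 4): "fragmentation needed and DF set",
    (3, 13): "communication administratively prohibited (packet filter)",
    (11, 0): "TTL exceeded in transit",
    (11, 1): "fragment reassembly time exceeded",
}

def parse_pluto_error(line):
    """Return a dict describing one pluto ICMP error line, or None if no match."""
    m = PLUTO_ERR.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("port", "errno", "type", "code"):
        rec[key] = int(rec[key])
    rec["meaning"] = ICMP_MEANING.get((rec["type"], rec["code"]), "unlisted ICMP type/code")
    # True when the ICMP error was sent by the VPN peer itself, not a hop on the path.
    rec["from_peer"] = rec["complainant"] == rec["dst"]
    return rec

def summarize(lines):
    """Count errors per (destination, complainant, meaning) to spot the dominant cause."""
    counts = Counter()
    for line in lines:
        rec = parse_pluto_error(line)
        if rec:
            counts[(rec["dst"], rec["complainant"], rec["meaning"])] += 1
    return counts

# Sample input: the two log lines quoted in the thread.
SAMPLE = [
    "ERROR: asynchronous network error report on eth4 for message to 66.159.127.26 port 4500, complainant 66.159.127.26: No route to host [errno 113, origin ICMP type 3 code 13 (not authenticated)",
    "2008:12:05-13:24:35 (none) pluto[8801]: ERROR: asynchronous network error report on eth5 for message to CLIENT-IP port 4500, complainant GATEWAY-IP: No route to host [errno 113, origin ICMP type 11 code 1 (not authenticated)]",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, key)
```

For the first line the decoder reports type 3 code 13 with the complainant equal to the destination, meaning the client's own address returned an "administratively prohibited" ICMP for UDP 4500; the second line decodes to a fragment reassembly timeout reported by a different address.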