<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Rescued from the spam bucket. Please remember to subscribe to the mailing list before posting to it.</b></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class=""><br class=""></b></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">From: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">aleksi kallio <<a href="mailto:almikale@gmail.com" class="">almikale@gmail.com</a>><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Subject: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><b class="">Openswan not updating routing tables after connection restart</b><br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">Date: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class="">May 18, 2016 at 9:37:27 AM EDT<br class=""></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;" class=""><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif; color:rgba(127, 127, 127, 1.0);" class=""><b class="">To: </b></span><span style="font-family: -webkit-system-font, Helvetica Neue, Helvetica, sans-serif;" class=""><a href="mailto:users@lists.openswan.org" class="">users@lists.openswan.org</a><br class=""></span></div><br class=""><br class=""><div dir="ltr" class="">Hi,<div class=""><br class=""></div><div class=""><p class="MsoNormal"><span lang="EN-US" style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif" class="">I’m having issues
with openswan vpn-client. When vpn-tunnel is first established the connection
works fine. If the vpn-server reboots, openswan seems to delete the connection
from client machines routing tables. After the vpn-server is rebooted, the tunnel
is re-established correctly, but nothing goes through it, because openswan
doesn’t update the routing table of the client machine. If I manually add the
vpn-connection to the routing tables with ip route add, the connection works fine again. </span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif" class="">I’ve tried different
dpd-actions and timeouts, and I’ve removed all the rules from the firewall of
the client machine, but nothing seems to work.</span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif" class="">What causes openswan
not to update routing tables after vpn-connection is re-established?</span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif" class=""><br class=""></span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif" class="">Here is the /etc/ipsec.conf of the client machine:</span></p><p class="MsoNormal"><span lang="EN-US" style="font-size:12pt;line-height:115%;font-family:Arial,sans-serif" class=""><br class=""></span></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class="">version 2.0</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""><br class=""></span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class="">config setup</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> plutodebug="none"</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> nat_traversal=yes</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> keep_alive=15</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> force_keepalive=yes</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> protostack=auto</span></font></p><div class=""><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> </span></font><br class="webkit-block-placeholder"></div><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class="">conn home</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> left=%defaultroute</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> leftsubnet=...</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> leftsourceip=...</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> leftcert=client.crt</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> right=...</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> rightsubnet=...</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> rightrsasigkey=%cert</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> rightcert=server.crt</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> rightid=%fromcert</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> authby=rsasig</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> #Phase 1</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> keyexchange=ike</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> ike=aes256-sha1</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> #Phase 2</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> phase2alg=aes256-sha1</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> keylife=28800s</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> rekeymargin=540s</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> rekeyfuzz=100%</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> dpddelay=5</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> dpdtimeout=10</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> dpdaction=restart</span></font></p><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> forceencaps=yes</span></font></p><div class=""><font face="Arial, sans-serif" class=""><span lang="EN-US" style="font-size:16px;line-height:18.4px" class=""></span></font><br class="webkit-block-placeholder"></div><p class="MsoNormal"><font face="Arial, sans-serif" class=""><span style="font-size:16px;line-height:18.4px" class=""> auto=start</span></font></p></div></div>
<br class=""><br class=""></body></html>