[Openswan dev] Using left=%defaultroute without interfaces=%defaultroute fix

Paul Wouters paul at xelerance.com
Thu Jun 3 17:20:36 CEST 2004


Hi,

I was looking into Marc's problem and noticed an issue with using the
%defaultroute option in interfaces.

If you use interfaces=%defaultroute, then _startklips will determine
the proper interface to bind the virtual interface to. It also sets a
few variables, such as $defaultrouteaddr and $defaultroutenexthop.

Those are used by the auto script to fill in the IP address in case you
are using: left=%defaultroute

Now the problem is when you have more than one interface on which you
want to run ipsec. In those cases you cannot use "interfaces=%defaultroute",
you need something like "interfaces=ipsec0=eth0 ipsec=eth1"

But when "%defaultroute" is missing, then the address and nexthop for
the left=%defaultroute parameter is not calculated by _startklips, and
'auto' will give an error about 'but defaultroute not known', even if
there is a defaultroute on the machine.

Now I think the following will work (limited testing):

interfaces="%defaultroute ipsec1=eth1"

At least, it didn't break my eth0-ipsec0 (I didn't test running ipsec on eth1)

Now, this is far from intuitive. As a fix, I would want to propose to have
_startklips try to calculate $defaultrouteaddr and $defaultroutenexthop
regardless of the occurrence of %defaultroute in the interfaces line.
This ensures that any reference later in a left=%defaultroute will work
when someone specifies multiple ipsecX interfaces without using %defaultroute.

Comments?

Paul
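
Added example, not part of the original post and not Openswan's _startklips code: a shell sketch of the proposed behaviour, where the default-route address and nexthop are always computed and "%defaultroute" in interfaces= only affects the ipsecN bindings. The routing and address tables are constructed sample data; the function names, the $defaultroutephys and $bindings variables, and the expansion of %defaultroute to ipsec0=<interface> are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration, not Openswan's _startklips. Routing and address
# tables are constructed sample data (RFC 5737 documentation ranges).
ROUTES='Destination     Gateway         Genmask         Flags Iface
192.0.2.0       0.0.0.0         255.255.255.0   U     eth0
198.51.100.0    0.0.0.0         255.255.255.0   U     eth1
0.0.0.0         192.0.2.1       0.0.0.0         UG    eth0'
ADDRS='eth0 192.0.2.10
eth1 198.51.100.10'

# Print "<iface> <nexthop>" for the first default route, or fail.
find_default_route() {
    printf '%s\n' "$ROUTES" | awk '
        $1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $NF, $2; found = 1; exit }
        END { exit !found }'
}

# Print the address configured on interface $1, or fail.
iface_addr() {
    printf '%s\n' "$ADDRS" |
        awk -v i="$1" '$1 == i { print $2; found = 1; exit } END { exit !found }'
}

# Proposed behaviour: always set defaultrouteaddr/defaultroutenexthop,
# whether or not "%defaultroute" appears in the interfaces= value ($1).
# Sets $bindings to the ipsecN=ethN list (hypothetical helper variable).
resolve_interfaces() {
    defaultrouteaddr= defaultroutenexthop= defaultroutephys= bindings=
    if route=$(find_default_route); then
        defaultroutephys=${route% *}
        defaultroutenexthop=${route#* }
        defaultrouteaddr=$(iface_addr "$defaultroutephys") || defaultrouteaddr=
    fi
    for i in $1; do
        case $i in
        %defaultroute)  # assumed expansion: ipsec0=<default route iface>
            [ -n "$defaultrouteaddr" ] || { echo "no default route" >&2; return 1; }
            bindings="$bindings ipsec0=$defaultroutephys" ;;
        ipsec*=?*) bindings="$bindings $i" ;;
        *) echo "bad interfaces entry: $i" >&2; return 1 ;;
        esac
    done
    bindings=${bindings# }
}
```

With no default route in the table, an explicit ipsecN=ethN list still resolves and the two variables stay empty; only an entry that actually needs the default route fails.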




