[Openswan dev] starter and default route

Vinay K Nallamothu vinay.nallamothu at gsecone.com
Mon May 10 14:08:08 CEST 2004


Hi,

The following piece of code from starter-0.3/interfaces.c deletes the
default route added by bringing up an ipsec interface.

starter-0.3/interfaces.c
===========================================
        /* remove default route created by IFF_UP. we don't need it and it
         * can cause problems
         */
        if (rt.rt_dst.sa_family && rt.rt_genmask.sa_family) {
                struct sockaddr_in *dst, *msk;
                dst = (struct sockaddr_in *)&rt.rt_dst;
                msk = (struct sockaddr_in *)&rt.rt_genmask;
                rt.rt_flags = RTF_UP;
                rt.rt_dev = iface->name;
                dst->sin_addr.s_addr &= msk->sin_addr.s_addr;
                ioctl(sock, SIOCDELRT, &rt);
        }
===========================================

However this is creating a problem with "ipsec route-host" throwing the
folloiwng error.
==========================================
"rw"[1] 192.168.1.41 #2: route-host output: SIOCADDRT: Network is unreachable
"rw"[1] 192.168.1.41 #2: route-host output: /usr/local/lib/ipsec/_updown: `route add -net 192.168.1.41 netmask 255.255.255.255 dev ipsec0 gw 192.168.1.41' failed
"rw"[1] 192.168.1.41 #2: route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
"rw"[1] 192.168.1.41 #2: route-host command exited with status 7
"rw"[1] 192.168.1.41 #2: route-host output: SIOCADDRT: Network is unreachable
"rw"[1] 192.168.1.41 #2: route-host output: /usr/local/lib/ipsec/_updown: `route add -net 192.168.1.41 netmask 255.255.255.255 dev ipsec0 gw 192.168.1.41' failed
"rw"[1] 192.168.1.41 #2: route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
"rw"[1] 192.168.1.41 #2: route-host command exited with status 7
==========================================

Deleting the above piece of code works for me. Want to know whether
there is something wrong with my config or a problem with starter.

Here is my ipsec.conf
===========================================
config setup
        interfaces="ipsec0=eth0"
        nat_traversal=yes

conn test
        right=%any
        left=192.168.1.111
        auto=add
        authby=secret

Thanks
Vinay
-- 
****** This email is confidential and is intended for the original
recipient(s) only. If you have erroneously received this mail, please
delete it immediately and notify the sender. Unauthorized copying,
disclosure or distribution of the material in this mail is prohibited.
Views expressed in this mail are those of the individual sender and do
not bind Gsec1 Limited. or its subsidiary, unless the sender has done so
expressly with due authority of Gsec1.******




More information about the Dev mailing list