[Openswan dev] starter and default route
Mathieu Lafon
mlafon at arkoon.net
Mon May 10 11:08:31 CEST 2004
Vinay K Nallamothu wrote:
> The following piece of code from starter-0.3/interfaces.c deletes the
> default route added by bringing up an ipsec interface.
> starter-0.3/interfaces.c
> ===========================================
> /* remove default route created by IFF_UP. we don't need it and it
>  * can cause problems
>  */
> if (rt.rt_dst.sa_family && rt.rt_genmask.sa_family) {
>     struct sockaddr_in *dst, *msk;
>     dst = (struct sockaddr_in *)&rt.rt_dst;
>     msk = (struct sockaddr_in *)&rt.rt_genmask;
>     rt.rt_flags = RTF_UP;
>     rt.rt_dev = iface->name;
>     dst->sin_addr.s_addr &= msk->sin_addr.s_addr;
>     ioctl(sock, SIOCDELRT, &rt);
> }
> "rw"[1] 192.168.1.41 #2: route-host output: SIOCADDRT: Network is unreachable
> "rw"[1] 192.168.1.41 #2: route-host output: /usr/local/lib/ipsec/_updown: `route add -net 192.168.1.41 netmask 255.255.255.255 dev ipsec0 gw 192.168.1.41' failed
> "rw"[1] 192.168.1.41 #2: route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
You're right, we must not remove the ipsec default route by default. I use a
modified _updown script which does not rely on this route, so I automatically
remove it in starter. This must be removed in stock openswan.
--
Mathieu Lafon - Arkoon Network Security