[Openswan dev] starter-0.3 and default route

Michael Richardson mcr at sandelman.ottawa.on.ca
Mon May 10 12:36:46 CEST 2004


>>>>> "Joshua" == Joshua Jackson <sfs at vortech.net> writes:
    Joshua> I ran into this as well. In the doroute() function of the
    Joshua> _updown script, changing the following line:

    Joshua> parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"

    Joshua> to:

    Joshua> parms2="dev $PLUTO_INTERFACE"

  Yes, that gets rid of nexthop.

  Alas, this changes some items in the routing cache, and invalidates
the route that is attached to a %trap'ed packet, and it is not released
correctly.  This has profoundly negative effects on any kind of
on-demand keying (such as done by OE, but also for anyone that builds a
mesh network of any kind).

  So, we will be leaving the nexthop stuff in for a while longer, but
probably making it not required by pluto very soon.

--
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr at xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [