[Openswan dev] starter-0.3 and default route
Michael Richardson
mcr at sandelman.ottawa.on.ca
Mon May 10 12:36:46 CEST 2004
>>>>> "Joshua" == Joshua Jackson <sfs at vortech.net> writes:
Joshua> I ran into this as well. In the doroute() function of the
Joshua> _updown script, changing the following line:
Joshua> parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
Joshua> to:
Joshua> parms2="dev $PLUTO_INTERFACE"
Yes, that gets rid of nexthop.
Alas, this changes some items in the routing cache, and invalidates
the route that is attached to a %trap'ed packet, and it is not released
correctly. This has profoundly negative effects on any kind of
on-demand keying (such as done by OE, but also for anyone that builds a
mesh network of any kind).
So, we will be leaving the nexthop stuff in for a while longer, but
probably making it not required by pluto very soon.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr at xelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [