[Openswan dev] Openswan 2.3.0 multiple defaultroute patch
Dirk Nehring
dnehring at marcant.net
Thu Feb 3 08:18:33 CET 2005
On Thu, Feb 03, 2005 at 02:17:21AM +0100, Paul Wouters wrote:
> On Tue, 1 Feb 2005, Dirk Nehring wrote:
>
> >unfortunately, Openswan does not support multiple defaultroutes. Since
> >2.6 it is not a principle problem to route ESP packets via more than one
> >defaultroute. Here is my first patch for inclusion, if you like it,
> >please apply.
> >
> >--------------------------------------------------
> >diff -ur openswan-2.2.0.orig/programs/_startklips/_startklips.in
> >openswan-2.2.0/programs/_startklips/_startklips.in
> >--- openswan-2.2.0.orig/programs/_startklips/_startklips.in 2004-07-15
> >04:34:42.000000000 +0200
> >+++ openswan-2.2.0/programs/_startklips/_startklips.in 2004-11-26
> >13:21:37.142594304 +0100
> >@@ -192,7 +192,7 @@
> ># interfaces=%defaultroute: put ipsec0 on top of default route's interface
> >defaultinterface() {
> > phys=`netstat -nr |
> >- awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
> >+ awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }' |
> >head -1`
> > if test " $phys" = " "
> > then
> > echo "no default route, %defaultroute cannot cope!!!"
>
> That however breaks klips.
Sure. But then this check should only be done when klips is activated.
>
> This whole part needs to be rewritten to use ip rule (source routing)
> anyway.
>
> But I am not sure how you handle more default routes. Do you have one
> interface
> with multiple default gateways? Or multiple interfaces with their own IP
> address
> and a default route? Because the latter wouldn't work if one default route
> vanished, since it would take down the IP address as well.
I have one interface with more than one default route:
root at eql:~$ ip route show
[...]
default equalize
nexthop via 1.2.3.4 dev eth0 weight 1
nexthop via 1.2.3.5 dev eth0 weight 1
nexthop via 1.2.3.6 dev eth0 weight 1
ipsec works without problems over more than 1 default route and openswan
should get fixed for this.
Dirk
More information about the Dev
mailing list