[Openswan dev] Openswan 2.3.0 multiple defaultroute patch

Dirk Nehring dnehring at marcant.net
Thu Feb 3 08:18:33 CET 2005 

On Thu, Feb 03, 2005 at 02:17:21AM +0100, Paul Wouters wrote:
> On Tue, 1 Feb 2005, Dirk Nehring wrote:
>
> >unfortunately, Openswan does not support multiple defaultroutes. Since
> >2.6 it is not a principle problem to route ESP packets via more than one
> >defaultroute. Here is my first patch for inclusion, if you like it,
> >please apply.
> >
> >--------------------------------------------------
> >diff -ur openswan-2.2.0.orig/programs/_startklips/_startklips.in
> >openswan-2.2.0/programs/_startklips/_startklips.in
> >--- openswan-2.2.0.orig/programs/_startklips/_startklips.in     2004-07-15
> >04:34:42.000000000 +0200
> >+++ openswan-2.2.0/programs/_startklips/_startklips.in  2004-11-26
> >13:21:37.142594304 +0100
> >@@ -192,7 +192,7 @@
> ># interfaces=%defaultroute:  put ipsec0 on top of default route's interface
> >defaultinterface() {
> >       phys=`netstat -nr |
> >-               awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
> >+               awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }' |
> >head -1`
> >       if test " $phys" = " "
> >       then
> >               echo "no default route, %defaultroute cannot cope!!!"
>
> That however breaks klips.

Sure. But then this check should only be done when klips is activated.

>
> This whole part needs to be rewritten to use ip rule (source routing)
> anyway.
>
> But I am not sure how you handle more default routes. Do you have one
> interface
> with multiple default gateways? Or multiple interfaces with their own IP
> address
> and a default route? Because the latter wouldn't work if one default route
> vanished, since it would take down the IP address as well.

I have one interface with more than one default route:

root at eql:~$ ip route show
[...]
default equalize
        nexthop via 1.2.3.4  dev eth0 weight 1
        nexthop via 1.2.3.5  dev eth0 weight 1
        nexthop via 1.2.3.6  dev eth0 weight 1


ipsec works without problems over more than 1 default route and openswan
should get fixed for this.

Dirk

More information about the Dev mailing list