[Openswan dev] Bogus defaultroutenexthop for PPPoE (& PPP?)

Bruce S. Skinner Bruce.Skinner at norsteadfarm.ca
Thu Jun 28 16:08:26 EDT 2007 

Hello,

When I changed my internet connection from an ethernet connection to a
PPPoE connection my VPN stopped working.  I discovered that the
parameter defaultroutenexthop in /var/run/pluto/ipsec.info was set to
a bogus value of 0.0.0.0.  I chased it back to _startklips which
parses the output of "netstat -nr" default route line for the gateway
column.  The gateway value for PPPoE (and I would assume also PPP)
based connections is 0.0.0.0.  

Example PPPoE system:
---------------------
$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.10.101.21    0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
128.43.2.0      0.0.0.0         255.255.254.0   U         0 0          0 eth1
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp0

$ ip r l
10.10.101.21 dev ppp0  proto kernel  scope link  src 172.17.2.248 
128.43.2.0/23 dev eth1  proto kernel  scope link  src 128.43.2.1 
default dev ppp0  scope link 

Example ethernet system:
------------------------
$ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.101.0   0.0.0.0         255.255.255.0   U         0 0          0 eth2
24.224.245.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
128.43.4.0      0.0.0.0         255.255.255.0   U         0 0          0 eth1
0.0.0.0         24.224.245.5    0.0.0.0         UG        0 0          0 eth0

$ ip r l
192.168.101.0/24 dev eth2  proto kernel  scope link  src 192.168.101.10
24.224.245.0/24 dev eth0  proto kernel  scope link  src 24.224.245.5
128.43.4.0/24 dev eth1  proto kernel  scope link  src 128.43.4.1
default via 24.224.245.5 dev eth0  scope link

The following (kludge?) in _startklips gets things going.

  *** _startklips.orig	2007-06-10 19:54:33.000000000 -0300
  --- _startklips	2007-06-10 19:54:33.000000000 -0300
  ***************
  *** 213,218 ****
  --- 213,222 ----
    	fi
    	next=`netstat -nr |
    		awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
  + 	if [ "$next" = "0.0.0.0" ] ; then
  + 	    next=`ip a l $phys | grep -E '^ +inet6*.*scope global $phys' |
  +                   awk '{ print $2}' | awk -F / '{ print $1 }'`
  + 	fi
    	klipsinterface "ipsec0=$phys" $next
    }

I'm using: Ubuntu 6.10, kernel 2.6.17, OpenSwan 2.4.5, netkey IPSec. 

regards :-)
BruceS

-- 

Bruce Skinner
Norstead Farm
1427 Prospect Rd.  
RR1
Waterville NS  
B0P 1V0
CANADA

 Tel: 902-538-1765
Cell: 902-670-6456

<mailto:Bruce.Skinner at norsteadfarm.ca>

More information about the Dev mailing list