[Openswan dev] [Patch] error: "cannot route -- route already in use for"

Paul Wouters paul at xelerance.com
Wed Oct 1 18:38:54 EDT 2008


On Thu, 25 Sep 2008, avesh agarwal wrote:

Hi Avesh,

Sorry for the late reply....

> host1 has two interfaces: eth0 (IP address: 10.14.0.139) and eth0:1 (virtual 
> interface with IP address 10.14.0.149)
> host2 has one interface: eth1 (with IP address 10.14.0.140)
>
> I want to establish 2 ipsec channels between these two as follows.
>
> IP addresses are as below for each
> host1<----------------->host2
> eth0(10.14.0.139)<---------------------->eth1(10.14.0.140)
>
> eth0:1 (10.14.0.149)<------------------->eth1(10.14.0.140)

[...]

> The connection 139-140 (which is between 10.14.0.139 and 10.14.0.140) gets 
> established without any problem.
> However, when the connection 149-140 (which is between 10.14.0.149 and 
> 10.14.0.140) is set up, it gives the following error:
>
> 117 "149-140" #4: STATE_QUICK_I1: initiate
> 003 "149-140" #4: cannot route -- route already in use for "139-140"
> 032 "149-140" #4: STATE_QUICK_I1: internal error
>
> Although I have tried ipsec setup in transport mode, I think the same 
> problem happens in tunnel mode too.
>
> The patch to solve this problem is attached with this mail. The patch is 
> created for the latest release, which is 2.6.16.

The patch seems to address the route in use error, but I am not yet entirely
sure this resolves the problem. One question that comes to mind is this:

If host 2 initiates both tunnels, to what it believes are two different
hosts, it will have two phase 1 and two phase 2 states.

If host 1 initiates both tunnels, it would re-use the phase 1, since it
already has a phase 1 up with host 2, but host 2 is not aware of this
and would not re-use its own phase 1.

So I am not sure yet whether, by allowing the phase 2 to succeed, which your
patch does, we have resolved the problem or just moved it around. This will
require some test cases for our testing/pluto/ infrastructure to bring up
various combinations of these two tunnels to see if everything keeps
working as expected.

Paul

