[Openswan dev] [Patch] error: "cannot route -- route already in use for"

avesh agarwal avagarwa at redhat.com
Thu Sep 25 20:50:23 EDT 2008


Hi Paul,

Thanks for your response. Here below, I am describing a test scenario 
below which fails in Openswan.

Scenario:
host1 has two interfaces: eth0 (IP address: 10.14.0.139) and eth0:1 
(virtual interface with IP address 10.14.0.149)
host2 has one interface:  eth1(with IP address 10.14.0.140)

I want to establish 2 ipsec channels between these two as follows.

IP addresesses are as below for each
host1<----------------->host2
eth0(10.14.0.139)<---------------------->eth1(10.14.0.140)

eth0:1 (10.14.0.149)<------------------->eth1(10.14.0.140)

ipsec.conf is as follows:
------------------------------
version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
     # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    #klipsdebug="all"
    #plutodebug="all"
    protostack=netkey
    # nat_traversal=yes


# include /etc/ipsec.d/*.conf

include /root/no_oe.conf

conn 139-140
    left=10.14.0.139
    right=10.14.0.140
    authby=secret
    esp=aes128-sha1
    ike=aes128-sha1-modp1024
    type=transport
    compress=no
    auto=add
    dpddelay=2
    dpdtimeout=30
    dpdaction=restart

conn 149-140
    left=10.14.0.149
    right=10.14.0.140
    authby=secret
    esp=aes128-sha1
    ike=aes128-sha1-modp1024
    type=transport
    compress=no
    auto=add
    dpddelay=2
    dpdtimeout=30
    dpdaction=restart

-------------------------------------------------------------

The connection 139-140 (which is between 10.14.0.139 and 10.14.0.140) 
gets established without any problem.
However, when the connection 149-140 (which is between 10.14.0.149 and 
10.14.0.140)  is setup, it gives following error:

117 "149-140" #4: STATE_QUICK_I1: initiate
003 "149-140" #4: cannot route -- route already in use for "139-140"
032 "149-140" #4: STATE_QUICK_I1: internal error

Although, I have tried ipsec setup in transport mode, i think the same 
problem happens in tunnel mode too.

The patch to solve this problem is attached with this mail. The patch is 
created for lastest release which is 2.6.16.

Thanks and Regards
Avesh Agarwal






-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openswan-2.6.16-438998.patch
Url: http://lists.openswan.org/pipermail/dev/attachments/20080925/be98bd5a/attachment.pl 


More information about the Dev mailing list