[Openswan dev] cannot install eroute -- it is in use for xx.xx.xx.xx".

Paul Wouters paul at xelerance.com
Thu Apr 15 13:07:50 EDT 2010

On Fri, 16 Apr 2010, John Wells wrote:

> Subject: Re: [Openswan Users] Fwd: Re: Please help: strange behaviour with
>     OpenSwan/xl2tpd & Android vpn client
> Thank you Will and Jacco -- actually the CentOS hint was what I needed
> -- I downloaded the 2.6.25 source (Karmic had 2.6.22) and compiled it --
> and it works perfectly.
> Problem I have now is that when I disconnect the VPN on the handset, the
> channel isn't killed. xl2tpd seems to close the tunnel, but the ipsec
> channel stays open. Then when I reconnect I get a "cannot install eroute
> -- it is in use for xx.xx.xx.xx". If I restart the ipsec daemon then it
> works again.

I have noticed this too. It should replace the instance of itself, but it
does not.

> Any hints for closing the channel, or reusing the existing channel?
> Right now I've put a hack into /etc/ppp/ip-down to restart ipsec, but
> that obviously won't work for more than one user.

You can try enabling DPD with dpdaction=%clear, but it will depend on
wether the client supports DPD or not.


More information about the Dev mailing list