[Openswan dev] Getting routes from modecfg added when talking to Cisco...

Michael H. Warfield mhw at WittsEnd.com
Thu Feb 25 18:10:03 EST 2010 

On Thu, 2010-02-25 at 18:02 -0500, Michael H. Warfield wrote:

> I made this change to _updown.netkey and it then works properly...
> 
> --- _updown.netkey 2010-02-25 14:07:08.000000000 -0500
> +++ _updown-cisco.netkey 2010-02-25 17:50:28.000000000 -0500
> @@ -274,10 +274,12 @@
>      up-client)
> # connection to my client subnet coming up
> # If you are doing a custom version, firewall commands go here.
> + uproute
> ;;
>      down-client)
> # connection to my client subnet going down
> # If you are doing a custom version, firewall commands go here.
> + downroute
> ;;
>      #
>      # IPv6

Grrr...  Forgot to set Evolution to "preformatted".  Sorry about that.

--- _updown.netkey	2010-02-25 14:07:08.000000000 -0500
+++ _updown-cisco.netkey	2010-02-25 17:50:28.000000000 -0500
@@ -274,10 +274,12 @@
     up-client)
 	# connection to my client subnet coming up
 	# If you are doing a custom version, firewall commands go here.
+	uproute
 	;;
     down-client)
 	# connection to my client subnet going down
 	# If you are doing a custom version, firewall commands go here.
+	downroute
 	;;
     #
     # IPv6

> Otherwize, _updown.netkey is just ignoring "up-client" and "down-client"
> verbs and doing nothing.
> 
> This "fixes" it but I'm not real sure that's the "correct" fix or if the
> correct fix is to make pluto do an updown with "PLUTO_VERB=route-client"
> which really would make sense.  But that would impact more than just
> NetKey.
> 
> Thoughts?
> 
> DNS parameters are next on my list to work on...
> 
> Mike

Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: This is a digitally signed message part
Url : http://lists.openswan.org/pipermail/dev/attachments/20100225/d86ff5fa/attachment-0001.bin

More information about the Dev mailing list