[Openswan dev] "%pass 0 no routed template covers this pair" error
Paul Wouters
paul at xelerance.com
Mon Jul 12 13:47:50 EDT 2010
We noticed on our l2tp server that sometimes we end up with a bogus %pass
route. From ipsec auto --status:
000 "l2tp-psk": 193.110.157.131<193.110.157.131>[+S=C]:17/1701...%virtual[+S=C]:17/%any===?; unrouted; eroute owner: #0
000 "l2tp-psk": myip=unset; hisip=unset;
000 "l2tp-psk": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "l2tp-psk": policy: PSK+ENCRYPT+DONTREKEY+IKEv2ALLOW+lKOD+rKOD; prio: 32,32; interface: eth0;
000 "l2tp-psk": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000
000 193.110.157.131/32:0 -0-> 188.201.91.186/32:0 => %pass 0 no routed template covers this pair
The last line is the issue. The IP comes from a client, who can then
no longer reconnect until openswan is restarted.
Is there ever a valid reason for a "no routed template covers this pair"
type of %pass route? Or is it safe to delete these?
Paul
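
Added example, not part of the original message and not Openswan code: a Python check that scans `ipsec auto --status` output for bare shunt lines like the last status line quoted above and reports each affected address pair, so the condition can be alerted on. The line pattern is assumed from the single line quoted in this message, and the sample text uses constructed documentation addresses.

```python
import re
import sys

# Shape assumed from the one line quoted in the message:
#   000 SRC/MASK:PORT -PROTO-> DST/MASK:PORT => %pass 0 <reason>
SHUNT_RE = re.compile(
    r"^000\s+(?P<src>\S+?)/(?P<src_mask>\d+):(?P<src_port>\d+)\s+"
    r"-(?P<proto>\d+)->\s+"
    r"(?P<dst>\S+?)/(?P<dst_mask>\d+):(?P<dst_port>\d+)\s+"
    r"=>\s+(?P<kind>%\S+)\s+(?P<prio>\d+)\s+(?P<why>.*\S)\s*$"
)
ORPHAN_REASON = "no routed template covers this pair"

# Constructed sample (RFC 5737 addresses), modelled on the status output above.
SAMPLE = """\
000 "l2tp-psk": 192.0.2.10<192.0.2.10>[+S=C]:17/1701...%virtual[+S=C]:17/%any===?; unrouted; eroute owner: #0
000 "l2tp-psk": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 192.0.2.10/32:0 -0-> 198.51.100.25/32:0 => %pass 0 no routed template covers this pair
"""


def find_orphan_shunts(status_text):
    """Return one dict per shunt line whose reason is ORPHAN_REASON."""
    hits = []
    for line in status_text.splitlines():
        m = SHUNT_RE.match(line)
        # Connection lines start with a quoted name and never match the pattern.
        if m and m.group("why") == ORPHAN_REASON:
            hits.append(m.groupdict())
    return hits


if __name__ == "__main__":
    # Read piped status output, or fall back to the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    orphans = find_orphan_shunts(text)
    for o in orphans:
        print(f"orphan {o['kind']} shunt: {o['src']}/{o['src_mask']} -> "
              f"{o['dst']}/{o['dst_mask']} proto {o['proto']}")
    # Non-zero exit lets a cron job or monitoring probe raise an alert.
    sys.exit(1 if orphans else 0)
```

Piping `ipsec auto --status` into the script exits with status 1 when at least one such shunt is present; it only reports and changes nothing in pluto's state.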