[Openswan dev] "%pass 0 no routed template covers this pair" error
David McCullough
david_mccullough at mcafee.com
Mon Jul 12 20:46:32 EDT 2010
Jivin Paul Wouters lays it down ...
>
> We noticed on our l2tp server that sometimes we end up with a bogus %pass
> route. From ipsec auto --status:
>
> 000 "l2tp-psk": 193.110.157.131<193.110.157.131>[+S=C]:17/1701...%virtual[+S=C]:17/%any===?; unrouted; eroute owner: #0
> 000 "l2tp-psk": myip=unset; hisip=unset;
> 000 "l2tp-psk": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
> 000 "l2tp-psk": policy: PSK+ENCRYPT+DONTREKEY+IKEv2ALLOW+lKOD+rKOD; prio: 32,32; interface: eth0;
> 000 "l2tp-psk": newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000
> 000
> 000 193.110.157.131/32:0 -0-> 188.201.91.186/32:0 => %pass 0 no routed template covers this pair
>
> The last line is the issue. The IP comes from a client, who can then
> no longer reconnect until openswan is restarted.
>
> Is there ever a valid reason for a "no routed template covers this pair"
> type of %pass route? Or is it safe to delete these?
Sorry, I got nothing to offer you on this one :-(
--
David McCullough, david_mccullough at mcafee.com, Ph:+61 734352815
McAfee - SnapGear http://www.mcafee.com http://www.uCdot.org