[Openswan dev] [PATCH] Incorrect automatic route via ipsec0
harald at a-little-linux-box.at
Wed Oct 20 10:37:32 EDT 2010
On Wed, Oct 20, 2010 at 04:09:02PM +0200, Roel van Meer wrote:
> Harald Jenny writes:
> >> >> minimal ipsec.conf with which I can reproduce my issue:
> >> >> ---/---
> >> >> version 2.0
> >> >> config setup
> >> >> interfaces="ipsec0=eth1"
> >> >> oe=off
> >> >> protostack=klips
> >> >> ---/---
> >> >
> >> > I miss a conn defintion in here - Paul does this trigger a bug in adding
> >> > connections?
> >> This is the smallest config file I can reproduce the issue with. Adding conn
> >> definitions does not change it. The problem is not related to routes for
> >> conns, but it is related to the routes that get installed when ip addresses
> >> are assigned to the ipsec device. That's why I posted the config without any
> >> conn definitions. I just tried to keep things as clear as possible. Sorry if
> >> I added to the confusion.
> > Looks very weird to me as I use almost the same config section...
> In my other posts I already explained the problem is caused by kernel
> patches I am carrying.
Yes sorry was lagging behind with my emails (openswan is just something for
spare time) :-).
> >> I'm starting to believe I'm
> >> missing something very obvious here. I almost can't believe this is an
> >> openswan problem if I'm the only one that gets bitten by it.
> > I guess there is something with interferes with KLIPS.
> Yep, the alternative routes code does. Although it doesn't interfere
> with KLIPS directly. It changes the routing logic so the routes that
> get added when the ipsec device comes up are a problem. It's very similar to
> the ubuntu route metric problem.
> >> which solves my problem, since the kernel now always picks the correct
> >> route for traffic to the link network.
> > I'm currently running the old startscript here and it works for me :-/.
> Yes, it works for me too with an unpatched kernel.
> Thanks for checking though.
Well sorry I was so late but I'm currently doing much other work, mainly Nagios
> Dev mailing list
> Dev at openswan.org
More information about the Dev