[Openswan dev] [PATCH] Incorrect automatic route via ipsec0

Harald Jenny harald at a-little-linux-box.at
Wed Oct 20 10:37:32 EDT 2010


On Wed, Oct 20, 2010 at 04:09:02PM +0200, Roel van Meer wrote:
> Harald Jenny writes:
> 
> >> >> minimal ipsec.conf with which I can reproduce my issue:
> >> >> ---/---
> >> >> version 2.0
> >> >> config setup
> >> >>    interfaces="ipsec0=eth1"
> >> >>    oe=off
> >> >>    protostack=klips
> >> >> ---/---
> >> > 
> >> > I miss a conn definition in here - Paul does this trigger a bug in adding
> >> > connections?
> >> 
> >> This is the smallest config file I can reproduce the issue with. Adding conn 
> >> definitions does not change it. The problem is not related to routes for 
> >> conns, but it is related to the routes that get installed when ip addresses 
> >> are assigned to the ipsec device. That's why I posted the config without any 
> >> conn definitions. I just tried to keep things as clear as possible. Sorry if 
> >> I added to the confusion.
> > 
> > Looks very weird to me as I use almost the same config section...
> 
> In my other posts I already explained the problem is caused by kernel 
> patches I am carrying.

Yes sorry was lagging behind with my emails (openswan is just something for
spare time) :-).

>   
> >> I'm starting to believe I'm 
> >> missing something very obvious here. I almost can't believe this is an 
> >> openswan problem if I'm the only one that gets bitten by it.
> > 
> > I guess there is something which interferes with KLIPS.
> 
> Yep, the alternative routes code does. Although it doesn't interfere 
> with KLIPS directly. It changes the routing logic so the routes that 
> get added when the ipsec device comes up are a problem. It's very similar to 
> the Ubuntu route metric problem.

Ok

> 
> >> which solves my problem, since the kernel now always picks the correct 
> >> route for traffic to the link network.
> > 
> > I'm currently running the old startscript here and it works for me :-/.
> 
> Yes, it works for me too with an unpatched kernel.
> Thanks for checking though.

Well sorry I was so late but I'm currently doing much other work, mainly Nagios
business tasks...

> 
> Regards,
> 
> roel

Kind regards
Harald
