[Openswan dev] [PATCH] Incorrect automatic route via ipsec0

Roel van Meer rolek at bokxing.nl
Tue Oct 26 02:37:50 EDT 2010


Bart Trojanowski writes:

> * Roel van Meer <rolek at bokxing.nl> [101025 08:10]:
>> Note: in order to avoid adding confusion to an already long and
>> confusing thread: I think your comments are based on a version of a
>> patch I submitted but which has been replaced by a different
>> version. In that light most of it is no longer relevant, since the
>> new patch removes the metric bumping code altogether.
> 
> I've been caught red-handed, and guilty of not reading the entire
> thread.  Now that I've reviewed the rest, I agree with your findings.

That's okay, and thanks.

> I am not sure why we ever created the virtual interface with a mask
> other than /32.  Maybe just to avoid confusion.  It would make sense to
> me to just assign it the address, but like Harald I worry that we might
> create other problems.

I can imagine. From the routing point of view I can't think of a scenario 
where this change would cause problems. I mean, these routes towards the 
virtual ipsec0 interface will (as far as I can see) never result in anything 
useful. Only if there is a matching tunnel definition would they work, but 
in that case you'd get a route from the _updown scripts.

But testing is good, that's for sure :)

> I've reworked your patch a bit to remove the assignment of the
> broadcast, and peer addresses from the virtual interface.  That's
> attached.
> 
> I think that should still work for you, and I need to do some more
> testing.

Yep, still works for me.

> Sorry about the confusion, and thanks for taking time to explain it
> (again).

No problem. I'm happy we can iron out these wrinkles. Fixing the symptom was 
simple enough, but I'm glad we are fixing the cause.

If you need any more testing or info from me, please let me know.

Regards,

roel


