[Openswan dev] [PATCH] Incorrect automatic route via ipsec0

Harald Jenny harald at a-little-linux-box.at
Thu Oct 28 10:50:11 EDT 2010 

On Tue, Oct 26, 2010 at 08:37:50AM +0200, Roel van Meer wrote:
> Bart Trojanowski writes:
> 
> > * Roel van Meer <rolek at bokxing.nl> [101025 08:10]:
> >> Note: in order to avoid adding confusion to an already long and
> >> confusing thread: I think your comments are based on a version of a
> >> patch I submitted but which has been replaced by a different
> >> version. In that light most of it is no longer relevant, since the
> >> new patch removes the metric bumping code altogether.
> > 
> > I've been caught red handed, and guilty of not reading the entire
> > thread.  Now that I've reviewed the rest, I agree with your findings.
> 
> That's okay, and thanks.
> 
> > I am not sure why we ever created the virtual interface with a mask
> > other than /32.  Maybe just to avoid confusion.  It would make sense to
> > me to just assign it the address, but like Harald I worry that we might
> > create other problems.
> 
> I can imagine. From the routing point of view I can't think of a scenario 
> where this change would cause problems. I mean, these routes towards the 
> virtual ipsec0 interface will (as far as I can see) never result in anything 
> useful. Only if there is a matching tunnel definition would they work, but 
> in that case you'd get a route from the _updown scripts.
> 
> But testing is good, that's for sure :)

Yeah it's not very nice to break stuff :-/.

> 
> > I've reworked your patch a bit to remove the assignment of the
> > broadcast, and peer addresses from the virtual interface.  That's
> > attached.
> > 
> > I think that should still work for you, and I need to do some more
> > testing.
> 
> Yep, still works for me.

Very good!

> 
> > Sorry about the confusion, and thanks for taking time to explain it
> > (again).
> 
> No problem. I'm happy we can iron out these wrinkles. Fixing the symptom was 
> simple enough, but I'm glad we are fixing the cause.
> 
> If you need any more testing or info from me, please let me know.

Thanks very much for the great help you provided fixing this issue!

> 
> Regards,
> 
> roel

Kind regards
Harald

> 
> _______________________________________________
> Dev mailing list
> Dev at openswan.org
> http://lists.openswan.org/mailman/listinfo/dev

More information about the Dev mailing list