[Openswan dev] klips startup error if secondary ip addres on physical interface
Roel van Meer
roel.vanmeer at bokxing.nl
Thu May 10 04:40:46 EDT 2012
Hi devs,
when I start openswan, I get this error message:
ipsec_setup: Error: either "local" is duplicate, or "secondary" is a garbage.
The commit that caused this is here:
http://git.openswan.org/cgi-bin/cgit/openswan/patch/programs/_startklips/_startklips.in?id=7a6cc9e9f2a4692f1e5da7c78b52fa2f32ced38b
The openswan config is minimal and looks like this:
root at test13a:/tmp# cat /etc/ipsec.conf
version 2.0
config setup
interfaces="ipsec0=eth1"
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,\
v4:172.16.0.0/12,%v4:!10.0.0.0/24,%v4:!10.10.0.0/16
oe=off
protostack=klips
The physiscal interface is configured like this:
root at test13a:/tmp# ip address show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
link/ether 00:40:f4:b4:0a:68 brd ff:ff:ff:ff:ff:ff
inet 111.222.33.131/28 brd 111.222.33.143 scope global eth1
inet 111.222.33.135/28 brd 111.222.33.143 scope global secondary eth1:1
With the patch (pristine 2.6.38) the ipsec0 device looks like this after
startup:
root at test13a:/tmp# ip address show dev ipsec0
76: ipsec0: <NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 10
link/ether 00:40:f4:b4:0a:68 brd ff:ff:ff:ff:ff:ff
inet 111.222.33.131/32 scope global ipsec0
With the patch reversed, the ipsec0 device looks like this after startup:
root at test13a:/tmp# ip address show dev ipsec0
79: ipsec0: <NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 10
link/ether 00:40:f4:b4:0a:68 brd ff:ff:ff:ff:ff:ff
inet 111.222.33.131/32 scope global ipsec0
inet 111.222.33.135/32 scope global ipsec0
This looks like an unintentional effect of this commit.
Best regards,
Roel
More information about the Dev
mailing list