[Openswan Users] Help:I think it may be freeswan's bug

swcims swcims at 163.com
Fri Mar 12 18:41:34 CET 2004


Hi, Sam
    You know, I have sent many mails to the mailing list, but got no reply. I'd hate to bother you, but I am eager to get your advice. And I think this would be helpful to fix some bugs.
	I am using super-fs 1.99.8 on RH for connecting to a LinkSys VPN Router.
	In order to meet this requirement: "the tunnel can be set up by pinging the other side from the tunnel subnet IP", I followed these steps:
	1. start pluto
	2. whack --name test --esp --pfs ....
	3. whack --listen     (I think this will help the tunnel be set up by a ping originating from the peer's subnet)
	4. whack route --name test (to add eroute: .... %trap:0) (I think only with this step can the tunnel be set up by a ping originating from super-fs's subnet)
	Is that right?
	Also, I commented out "else if(create_hold_eroute(..))" in ipsec_tunnel.c to avoid changing the %trap eroute to %hold.
	Then when I ping from super-fs's subnet IP, it would say:
	 Jan  1 00:49:16 pluto[2203]: ERROR: pfkey write() of SADB_X_ADDFLOW message 53 for flow %hold failed. Errno 14: Bad address
	 Jan  1 00:49:16 pluto[2203]: |   02 0f 00 0b  0e 00 00 00  35 00 00 00  9b 08 00 00
	 Jan  1 00:49:16 pluto[2203]: |   03 00 15 00  00 00 00 00  02 00 00 00  c0 a8 01 64
	 Jan  1 00:49:16 pluto[2203]: |   00 00 00 00  00 00 00 00  03 00 16 00  00 00 00 00
	 Jan  1 00:49:16 pluto[2203]: |   02 00 00 00  c0 a8 05 e6  00 00 00 00  00 00 00 00
	 Jan  1 00:49:16 pluto[2203]: |   03 00 17 00  00 00 00 00  02 00 00 00  ff ff ff ff
	 Jan  1 00:49:16 pluto[2203]: |   00 00 00 00  00 00 00 00  03 00 18 00  00 00 00 00
	 Jan  1 00:49:16 pluto[2203]: |   02 00 00 00  ff ff ff ff  00 00 00 00  00 00 00 00

	But even with this, the tunnel can be set up successfully in almost all configs. Then I found the %trap eroute could be changed to be normal. Why? What are the statuses of %hold and %trap?
	The exception: when the two subnets are only single IPs (such as 192.168.1.2/32--Gateway <----->Gateway---192.168.5.2/32). In this condition, when I start pinging, the "pfkey" error would occur, and the %trap eroute would be deleted! And then even if I used "whack --initiate --name test", the tunnel would not be set up any more! I guessed it is because freeswan thinks this config should be ID_IPV4_ADDR_SUBNET, but the LinkSys VPN router thinks it should be ID_IPV4_ADDR. So it failed!
	How can I solve these problems? I am completely confused!
	Hope you can help me. Thank you very much!

  Regards.
 				

        swcims
        swcims at 163.com
          2004-03-12
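
An added example, not part of the original message or of the FreeS/WAN code: a Python decoder for the hex dump quoted in the log above, using the RFC 2367 PF_KEY v2 base header and extension layout. It assumes a little-endian host and IPv4 addresses, and reports message and extension types as raw numbers.

```python
import re
import socket
import struct

# Hex dump lines copied from the pluto log quoted in the message above.
LOG = """\
Jan  1 00:49:16 pluto[2203]: |   02 0f 00 0b  0e 00 00 00  35 00 00 00  9b 08 00 00
Jan  1 00:49:16 pluto[2203]: |   03 00 15 00  00 00 00 00  02 00 00 00  c0 a8 01 64
Jan  1 00:49:16 pluto[2203]: |   00 00 00 00  00 00 00 00  03 00 16 00  00 00 00 00
Jan  1 00:49:16 pluto[2203]: |   02 00 00 00  c0 a8 05 e6  00 00 00 00  00 00 00 00
Jan  1 00:49:16 pluto[2203]: |   03 00 17 00  00 00 00 00  02 00 00 00  ff ff ff ff
Jan  1 00:49:16 pluto[2203]: |   00 00 00 00  00 00 00 00  03 00 18 00  00 00 00 00
Jan  1 00:49:16 pluto[2203]: |   02 00 00 00  ff ff ff ff  00 00 00 00  00 00 00 00
"""

def dump_bytes(log):
    """Collect the bytes of every '|   xx xx ...' debug line, in order."""
    out = bytearray()
    for line in log.splitlines():
        m = re.search(r"\|\s+((?:[0-9a-f]{2}\s*)+)$", line.strip())
        if m:
            out += bytes.fromhex(m.group(1))
    return bytes(out)

def parse_pfkey(buf):
    """Decode the 16-byte sadb_msg header, then walk the extension list.
    Assumption: header fields are in little-endian host order (x86)."""
    ver, mtype, err, satype, words, _rsv, seq, pid = struct.unpack_from("<BBBBHHII", buf, 0)
    if words * 8 != len(buf):  # sadb_msg_len counts 64-bit words
        raise ValueError("sadb_msg_len %d words != %d bytes dumped" % (words, len(buf)))
    exts, off = [], 16
    while off < len(buf):
        ext_len, ext_type = struct.unpack_from("<HH", buf, off)
        if ext_len == 0 or off + ext_len * 8 > len(buf):
            raise ValueError("bad extension length at offset %d" % off)
        addr = None
        # Address extension: 8-byte sadb_address header, then a sockaddr_in.
        if ext_len == 3 and struct.unpack_from("<H", buf, off + 8)[0] == socket.AF_INET:
            addr = socket.inet_ntoa(buf[off + 12:off + 16])
        exts.append((ext_type, addr))
        off += ext_len * 8
    return {"version": ver, "type": mtype, "errno": err, "satype": satype,
            "seq": seq, "pid": pid, "exts": exts}

if __name__ == "__main__":
    print(parse_pfkey(dump_bytes(LOG)))
```

The decoded sequence number and PID match the "message 53" and pluto[2203] in the log line, and the last two address extensions are both 255.255.255.255, that is, single-host (/32) selectors.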



