[Openswan Users] route-host command exited with status 2
Robert W. Burgholzer
rburgholzer at maptech-inc.com
Thu Mar 25 15:17:00 CET 2004
Sorry for lack of info before, here is route -n and detailed log lines. I
have included log from the client, as well as the log from the server.

Output of route -n:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.22.1.1       0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
10.22.1.1       0.0.0.0         255.255.255.255 UH    0      0        0 ipsec0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

Log lines (/var/log/secure) on client side after an "ipsec auto --up
maptech-client" and "ipsec auto --down maptech-client":

Mar 25 14:16:36 www pluto[12722]: "maptech-client": terminating SAs using
this connection
Mar 25 14:16:36 www pluto[12722]: "maptech-client" #3: deleting state
(STATE_QUICK_I1)
Mar 25 14:16:36 www pluto[12722]: "maptech-client" #1: deleting state
(STATE_MAIN_I4)
Mar 25 14:16:36 www pluto[12722]: packet from 12.5.17.226:500:
Informational Exchange is for an unknown (expired?) SA
Mar 25 14:16:48 www pluto[12722]: packet from 12.5.17.226:500: Quick Mode
message is for a non-existent (expired?) ISAKMP SA
Mar 25 14:16:51 www pluto[12722]: "maptech-client" #4: initiating Main Mode
Mar 25 14:16:52 www pluto[12722]: "maptech-client" #4: Peer ID is
ID_DER_ASN1_DN: 'C=US, ST=Virginia, L=Blacksburg, O=MapTech Incorporated,
OU=VPNGateway, CN=www2, E=sysadmin at maptech-inc.com'
Mar 25 14:16:52 www pluto[12722]: "maptech-client" #4: ISAKMP SA established
Mar 25 14:16:52 www pluto[12722]: "maptech-client" #5: initiating Quick
Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+UP {using isakmp#4}
Mar 25 14:16:52 www pluto[12722]: "maptech-client" #5: route-host output:
RTNETLINK answers: Network is unreachable
Mar 25 14:16:52 www pluto[12722]: "maptech-client" #5: route-host output:
/usr/local/lib/ipsec/_updown: `ip route add 192.168.1.0/24 via 12.5.17.226
dev ipsec0' failed
Mar 25 14:16:52 www pluto[12722]: "maptech-client" #5: route-host command
exited with status 2
Mar 25 14:16:59 www pluto[12722]: "maptech-client": terminating SAs using
this connection
Mar 25 14:16:59 www pluto[12722]: "maptech-client" #5: deleting state
(STATE_QUICK_I1)
Mar 25 14:16:59 www pluto[12722]: "maptech-client" #4: deleting state
(STATE_MAIN_I4)
Mar 25 14:16:59 www pluto[12722]: packet from 12.5.17.226:500:
Informational Exchange is for an unknown (expired?) SA
Mar 25 14:17:02 www pluto[12722]: packet from 12.5.17.226:500: Quick Mode
message is for a non-existent (expired?) ISAKMP SA

Log lines on server side:

Mar 25 14:28:41 www2 pluto[22350]: "maptech-client"[3] 141.152.29.107 #193:
discarding duplicate packet; already STATE_QUICK_R1
Mar 25 14:28:50 www2 pluto[22350]: "maptech-client"[3] 141.152.29.107 #190:
received Delete SA payload: deleting ISAKMP State #190
Mar 25 14:29:05 www2 pluto[22350]: "maptech-client"[3] 141.152.29.107 #194:
responding to Main Mode from unknown peer 141.152.29.107
Mar 25 14:29:05 www2 pluto[22350]: "maptech-client"[3] 141.152.29.107 #194:
Peer ID is ID_DER_ASN1_DN: 'C=US, ST=Virginia, L=Richmond, O=MapTech
Incorporated, OU=soulswimmer, CN=soulswimmer, E=rburgholzer at maptech-inc.com'
Mar 25 14:29:06 www2 pluto[22350]: "maptech-client"[3] 141.152.29.107 #194:
sent MR3, ISAKMP SA established
Mar 25 14:29:06 www2 pluto[22350]: "maptech-client"[3] 141.152.29.107 #195:
responding to Quick Mode
Mar 25 14:29:13 www2 pluto[22350]: "maptech-client"[3] 141.152.29.107 #194:
received Delete SA payload: deleting ISAKMP State #194
Mar 25 14:29:42 www2 pluto[22350]: "maptech-client"[3] 141.152.29.107 #193:
max number of retransmissions (2) reached STATE_QUICK_R1
Mar 25 14:30:16 www2 pluto[22350]: "maptech-client"[3] 141.152.29.107 #195:
max number of retransmissions (2) reached STATE_QUICK_R1
Mar 25 14:30:16 www2 pluto[22350]: "maptech-client"[3] 141.152.29.107:
deleting connection "maptech-client" instance with peer 141.152.29.107
{isakmp=#0/ipsec=#0}
At 11:47 AM 3/25/2004 -0500, Robert W. Burgholzer wrote:
>Hello,
>I am experiencing difficulty attaching my home machine, behind a verizon
>dsl modem, to my freeswan network at work. Both machines are running
>redhat linux 7.3, with Freeswan 2.04 with x509 patches from RPM.
>
>Following the logs, the connection is being negotiated via x509
>certificates OK, but when my client (road warrior) machine issues the command:
>
>ip route add 192.168.1.0/24 via mygatewayatworkIP dev ipsec0
>
>I get: "route-host command exited with status 2"
>
>Entering that command at the command line yields:
>"RTNETLINK answers: Network is unreachable"
>
>My ipsec0 interface is up, and the only thing I can see as maybe being
>peculiar, is that there is a PTP entry in the ppp0 interface info, but NOT
>in the ipsec0 info, as follows:
>
>ppp0 Link encap:Point-to-Point Protocol
> inet addr:myIPaddress P-t-P:10.22.1.1 Mask:255.255.255.255
>
>ipsec0 Link encap:Point-to-Point Protocol
> inet addr:myIPaddress Mask:255.255.255.255
>
>
>I am really stuck here, any help would be appreciated.
>
>
>Robert Burgholzer
>Environmental Engineer
>MapTech Inc.
>http://www.maptech-inc.com/
Robert Burgholzer
Environmental Engineer
MapTech Inc.
http://www.maptech-inc.com/
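
An added example, not part of the original post and not Openswan code: a small model of the kernel's next-hop check, run against the routing table and the failing `_updown` command quoted in the message. It assumes the kernel accepts `via GW dev IF` only when a direct route (gateway 0.0.0.0) on that device covers GW; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: the `route -n` rows and failing command from the post.
ROUTE_N = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
10.22.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
10.22.1.1 0.0.0.0 255.255.255.255 UH 0 0 0 ipsec0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
"""
FAILED_CMD = "ip route add 192.168.1.0/24 via 12.5.17.226 dev ipsec0"


def parse_route_n(text):
    """Return (network, gateway, iface) for each data row of `route -n`."""
    rows = [line.split() for line in text.splitlines()]
    return [(ipaddress.ip_network(f"{f[0]}/{f[2]}"), ipaddress.ip_address(f[1]), f[7])
            for f in rows if len(f) == 8 and f[0] != "Destination"]


def parse_route_add(cmd):
    """Extract (next hop, device) from `ip route add ... via GW dev IF`."""
    m = re.search(r"\bvia\s+(\S+)\s+dev\s+(\S+)", cmd)
    if not m:
        raise ValueError("command has no 'via GW dev IF' part")
    return ipaddress.ip_address(m.group(1)), m.group(2)


def direct_routes_covering(routes, gateway, dev):
    """Direct routes (gateway 0.0.0.0) on `dev` whose prefix contains the next hop."""
    return [net for net, gw, iface in routes
            if iface == dev and int(gw) == 0 and gateway in net]


def check_next_hop(cmd, table):
    """Return (accepted, reason) under the assumed on-link next-hop rule."""
    gw, dev = parse_route_add(cmd)
    hits = direct_routes_covering(parse_route_n(table), gw, dev)
    if hits:
        best = max(hits, key=lambda n: n.prefixlen)
        return True, f"{gw} is on-link via {dev} ({best})"
    return False, f"{gw} has no direct route on {dev}: Network is unreachable"


if __name__ == "__main__":
    print(check_next_hop(FAILED_CMD, ROUTE_N))
```

Against this table the only route on ipsec0 is the host route to 10.22.1.1, so the model rejects 12.5.17.226 as a next hop on that device.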