[Openswan Users] ipsec_setup: Cannot talk to rtnetlink: Invalid argument and routes problem

Brett Curtis dashnu at gmail.com
Tue Jun 21 11:36:57 CEST 2005

I have a top-level router that i installed ipsec/l2tp on using jaccos site.
This machine has two nics eth0 for external and eth1 for internal. I
use iproute2 module for eth0 so I can assigne 5 external ips to the
machine for forwarding to internal machines and such. I think this is
where my problem lies..

Upon start up of ipsec i get the following errors. Version 2.3.1 this
is a ~x86 gentoo version.

* Starting IPSEC ... ...
ipsec_setup: Starting Openswan IPsec 2.3.1...
ipsec_setup: insmod /lib/modules/2.6.11-hardened-r14/kernel/net/key/af_key.ko 
ipsec_setup: insmod
ipsec_setup: Cannot talk to rtnetlink: Invalid argument
ipsec_setup: Cannot talk to rtnetlink: Invalid argument                   [ ok ]

Version 2.2.x (Stable) does not give me this error but both version
give me the following route problem.

I can connect to the server i can ping all internal ips except for
this box itself. I can browse the web via ppp / iptables / squid. How
ever i can not get any Name resolution via the bind server running on
this box. And my issue with adding the needed routes.

Jun 21 09:17:27 defender pluto[29876]: "roadwarrior-l2tp"[2] #2: route-host output: /usr/lib/ipsec/_updown: doroute
`ip route add via dev eth0 ' failed
(RTNETLINK answers: Network is unreachable)

I have googled this error for about 8 hours yesterday trying different
thing with no luck so I came to you guys.

My conn road warrior

conn roadwarrior
       left=24.XX.XX.XX  #external Ip
       leftnexthop= #internal ip / gateway

A friend said to me that leftnexthop should be the ip of the router on
my external interface. Is that the same as my external ip.. I am
confused. I have tried not using a leftnexthop at all but I still get
the issue with the routes being added.

Again This machine is eth0 24.XX.XX.XX  #external Ip and eth1 #internal ip

If you guys need any of info from me please let me know.

Any ideas or even a glimmer of hope would be great. Thanks!

More information about the Users mailing list