[Openswan Users] Re: help for multihome route

Paul Wouters paul at xelerance.com
Sat Jun 25 03:00:36 CEST 2005 

On Fri, 24 Jun 2005, Bob Benstro wrote:

> Can no person help me for this?  I apologizing for bad english, please
> forgive this.
>
> On 6/23/05, Bob Benstro <bbenstro at gmail.com> wrote:
>> Hello,
>>
>> I use the patch here at http://www.ssi.bg/~ja/#routes, for mutliroute.
>>  Works ok.
>>
>> I not able to get ipsec to start when I having no default route.  I
>> have this words:
>>
>> ipsec_setup: Stopping Openswan IPsec...
>> ipsec_setup: Starting Openswan IPsec U2.2.0/K2.6.11.12...
>> ipsec_setup: no default route, %defaultroute cannot cope!!!
>>
>> System is 2.6.11.12.  Is there way to get ipsec to work with no
>> default route?  If I fake default route does ipsec working with above
>> patch?

You can use openswan without a defaultroute. It just means you cannot
use left= or right=%defaultroute. you will need to specify the IP
specifically. You might also need to add interfaces="ipsec0=eth0" just
so it will not use the implicit default of "%defaultroute".

Paul

>> I have previous post about setup below, but no talk back :/
>>
>> -----------------------------------------------------------------------------------------------
>>
>> I have two question about openswan.
>>
>> I have four dsl modem with dynamic pppoe.  This mean that I can not
>> tell what ppp device I have for each modem.  Since I use pptp for some
>> thing, and l2tp for other, over the time of few weeks, ppp0-ppp3
>> interface for ADSL modem can move to ppp4, ppp6 or other ppp device.
>> This is because pptp or l2tp may take ppp0-ppp3 device when ADSL modem
>> is down.
>>
>> I run x509 for road warrier with winxp.  All work ok, as long as I
>> make sure "left=" statement have real IP or hostname in it.
>>
>> I want to have "left=%any" or "left=0.0.0.0\0" but this not work.  Can
>> someone help to make "left=[any.interface.ip]?  I have dynamicdns, but
>> this not reliable, and not good way to make left= work for me.
>>
>> Also, can someone help to get openswan listen on *:500, instead of
>> ip:500?  Why so much work with ipsec whack --listen every time new ppp
>> DSL comes up?
>>
>> I have no default route, I use mutlihome routing.  Is any way to not
>> have to make fake default route, then remove, so openswan run?
>>
>> Thank for good product, all complaint are small compared to having
>> good vpn with xp client + linux box. ;)
>>
> _______________________________________________
> Users mailing list
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>

-- 

   "I am not even supposed to be here today!"  -- Clerics

More information about the Users mailing list