[Openswan Users] leftnexthop ppp fc6

Paul Wouters paul at xelerance.com
Sat Nov 11 18:09:13 EST 2006

On Sat, 11 Nov 2006, Marek Gre?ko wrote:

> I found an interesting issue using openswan/netkey on fc6. While I was using
> openswan before and had running setup with leftnexthop=%defaultroute I was
> quite unhappy after upgrading to fc6 seeing my setup is not working any more.
> After some examination I found that using ppp in fc6 there is no G flag in
> routing table for default route and therefore openswan does not get
> defaultroute in ipsec showdefaults so the leftnexthop=%defaultroute does not
> work any more. But when I commented it out, e.g. changed to
> leftnexthop=%direct everything is working again.

Interesting, you might have found a really annoying bug that's been there for a
while. Can you mail me the output of "ipsec barf" on your system when you got
your ppp connection up (and optionally your ipsec connection)?

> I have two questions:
> 1. Is it a bug of ppp (or any other component of fc6) that it does not set the
> G flag into routing table for default gateway or is it a bug of openswan,
> that it does not resolve the default route as default route when the G flag is
> not set?

I don't know.

> 2. Is the solution with leftnexthop=%direct correct? I think yes, because the
> routes before were also created as if it was direct (no gateway was filled
> in). But maybe it would make some sense when using KLIPS. Can you give me
> proper explanation?

For netkey it does not matter. For klips it is wrong. I'll see about changing
the code to parse 'ip route list' instead of 'route -n' for creating the
ipsec.info file. That should work around the problem.
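
Added example, not part of the original message and not Openswan's own code: a sketch of the two parsing approaches discussed above, showing why a check that requires the G flag in 'route -n' output finds no default route on a ppp link, while parsing 'ip route list' does. The function names and the sample routing tables are constructed for illustration, and mapping a gateway-less default route to %direct is an assumption based on the workaround in the thread.

```shell
#!/bin/sh
# Constructed sample: host whose only uplink is ppp0 (no G flag on the default route).
ROUTE_N_PPP='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.0.2.1       0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0'
IP_ROUTE_PPP='192.0.2.1 dev ppp0  proto kernel  scope link  src 198.51.100.7
default dev ppp0  scope link'

# Constructed sample: ethernet host with a real gateway (G flag present).
ROUTE_N_ETH='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth0'
IP_ROUTE_ETH='203.0.113.0/24 dev eth0  proto kernel  scope link  src 203.0.113.20
default via 203.0.113.1 dev eth0'

# Hypothetical G-flag check over "route -n" output read from stdin.
# Prints "<iface> <nexthop>" or nothing when no row carries the G flag.
default_from_route_n() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ { print $8, $2; exit }'
}

# Hypothetical parser over "ip route list" output read from stdin.
# A default route without "via" is reported with nexthop %direct.
default_from_ip_route() {
    awk '$1 == "default" {
        via = "%direct"; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") via = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (dev != "") { print dev, via; exit }
    }'
}

# Show both parsers on both hosts.
for host in PPP ETH; do
    eval "rn=\$ROUTE_N_$host; ir=\$IP_ROUTE_$host"
    echo "$host route -n : '$(printf '%s\n' "$rn" | default_from_route_n)'"
    echo "$host ip route : '$(printf '%s\n' "$ir" | default_from_ip_route)'"
done
```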
