[Openswan Users] leftnexthop ppp fc6
Paul Wouters
paul at xelerance.com
Mon Nov 13 12:40:42 EST 2006
On Sat, 11 Nov 2006, Marek Gre?ko wrote:
> I found an interresting issue using openswan/netkey on fc6. While I was using
> openswan before and had running setup with leftnexthop=%defaultroute I was
> quite unhappy after upgrading to fc6 seeing my setup is not working any more.
>
> After some examination I found that using ppp in fc6 there is no G flag in
> routing table for default route and therefore openswan does not get
> defaultroute in ipsec showdefaults so the leftnexthop=%defaultroute does not
> work any more. But when I commented it out e. g. changed to
> leftnexthop=%direct everything is working again.
So ipsec showdefaults is just cat'ing /var/run/pluto/ipsec.info
That is created in _startklips (which afaik is called even when using netkey),
and it calls:
next=`netstat -nr | awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
to determine the default gateway. It works fine for me (on klips) on regular
machines as well as machines with a ppp0 default route. Can you show me the
contents of /var/run/pluto/ipsec.info when using leftnexthop=%defaultroute?
> I have two questions:
>
> 1. Is it a bug of ppp (or any other component of fc6) that it does not set the
> G flag into routing table for default gateway or is it a bug of openswan,
> that it does not resolv the default route as default route when the G flag is
> not set?
As you can see, we don't care about the G flag.
If you give me the information, I might be able to track this down. Right now,
I don't know why you need to add that %direct. I'd really like to see the
contents of /var/run/pluto/ipsec.info and 'ipsec barf'
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list