[Openswan Users] leftnexthop ppp fc6

Paul Wouters paul at xelerance.com
Mon Nov 13 12:40:42 EST 2006

On Sat, 11 Nov 2006, Marek Gre?ko wrote:

> I found an interesting issue using openswan/netkey on fc6. While I was using
> openswan before and had running setup with leftnexthop=%defaultroute I was
> quite unhappy after upgrading to fc6 seeing my setup is not working any more.
> After some examination I found that using ppp in fc6 there is no G flag in
> routing table for default route and therefore openswan does not get
> defaultroute in ipsec showdefaults so the leftnexthop=%defaultroute does not
> work any more. But when I commented it out e.g. changed to
> leftnexthop=%direct everything is working again.

So ipsec showdefaults is just cat'ing /var/run/pluto/ipsec.info.
That is created in _startklips (which afaik is called even when using netkey),
and it calls:

next=`netstat -nr | awk '$1 == "" && $3 == "" { print $2 }'`

to determine the default gateway. It works fine for me (on klips) on regular
machines as well as machines with a ppp0 default route. Can you show me the
contents of /var/run/pluto/ipsec.info when using leftnexthop=%defaultroute?

> I have two questions:
> 1. Is it a bug of ppp (or any other component of fc6) that it does not set the
> G flag into routing table for default gateway or is it a bug of openswan,
> that it does not resolve the default route as default route when the G flag is
> not set?

As you can see, we don't care about the G flag.

If you give me the information, I might be able to track this down. Right now,
I don't know why you need to add that %direct. I'd really like to see the
contents of /var/run/pluto/ipsec.info and 'ipsec barf'.

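The default-gateway lookup discussed in this thread, as an added example that is not part of the original message or of Openswan's own scripts: it runs the same awk filter shape over two constructed routing tables, one with an Ethernet default route (flags UG) and one with a ppp default route lacking G. The "0.0.0.0" comparison values (the archived copy shows them empty), the sample tables and the function names are assumptions.

```shell
#!/bin/sh
# Constructed `netstat -nr` output: Ethernet default route (flags UG).
ETH_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 eth0'

# Constructed `netstat -nr` output: ppp default route without the G flag.
PPP_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.64.64.64     0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0 ppp0'

# Same filter shape as the line quoted in the message. The "0.0.0.0"
# comparison values are an assumption: the archived copy shows them empty.
default_nexthop() {
    printf '%s\n' "$1" |
        awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'
}

# Hypothetical helper: print gateway, flags and interface of the default
# route, so the presence of G can be compared with the selected next hop.
default_route_summary() {
    printf '%s\n' "$1" |
        awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" {
                 g = ($4 ~ /G/) ? "G-set" : "G-missing"
                 print $2, $4, $8, g
             }'
}

echo "eth: next=$(default_nexthop "$ETH_TABLE")"
echo "ppp: next=$(default_nexthop "$PPP_TABLE")"
default_route_summary "$ETH_TABLE"
default_route_summary "$PPP_TABLE"
```

The filter matches on destination and netmask only, so both tables yield a line; what differs is the gateway column it prints.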