[Openswan Users] leftnexthop ppp fc6

[Paul Wouters]

On Sat, 11 Nov 2006, Marek Gre?ko wrote:

> I found an interresting issue using openswan/netkey on fc6. While I was using
> openswan before and had running setup with leftnexthop=%defaultroute I was
> quite unhappy after upgrading to fc6 seeing my setup is not working any more.
>
> After some examination I found that using ppp in fc6 there is no G flag in
> routing table for default route and therefore openswan does not get
> defaultroute in ipsec showdefaults so the leftnexthop=%defaultroute does not
> work any more. But when I commented it out e. g. changed to
> leftnexthop=%direct everything is working again.

So ipsec showdefaults is just cat'ing /var/run/pluto/ipsec.info
That is created in _startklips (which afaik is called even when using netkey),
and it calls:

next=`netstat -nr | awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`

to determine the default gateway. It works fine for me (on klips) on regular
machines as well as machines with a ppp0 default route. Can you show me the
contents of /var/run/pluto/ipsec.info when using leftnexthop=%defaultroute?

> I have two questions:
>
> 1. Is it a bug of ppp (or any other component of fc6) that it does not set the
> G flag into routing table for default gateway or is it a bug of openswan,
> that it does not resolv the default route as default route when the G flag is
> not set?

As you can see, we don't care about the G flag.

If you give me the information, I might be able to track this down. Right now,
I don't know why you need to add that %direct. I'd really like to see the
contents of /var/run/pluto/ipsec.info and 'ipsec barf'

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155