[Openswan Users] netlink XFRM_MSG_NEWPOLICY response for flow

Marco Berizzi pupilla at hotmail.com
Wed Nov 15 04:59:03 EST 2006


Paul Wouters wrote:

> On Tue, 14 Nov 2006, Marco Berizzi wrote:
>
> > > Can you do another ipsec setup restart after your tunnel is up to
> > > see if it happens again? If so, it looks like your kernel does not
> > > get cleared upon stopping. So if it happens, can you do ipsec
> > > setup stop and then an ip xfrm state list and ip xfrm policy list
> > > to confirm that?
>
> I was hoping you would do after you brought the tunnels up:
>
> ipsec setup stop
> ip xfrm state list
> ip xfrm policy list

OK, tunnels were up, so I upgraded to 2.4.7,
stopped openswan with 'ipsec setup stop' and
ran 'ip x s l > ipxsl' & 'ip x p l > ipxpl'.
Results were two empty files. 7 seconds later,
I ran 'ipsec setup start' and I didn't see
these errors anymore.

> What happens if you add a leftnexthop=yourgatewayip ?

All connection definitions have leftnexthop defined.

> We have a fix around for that in 2.4.7 (released today if all goes
> well)

Upgraded. Next time I reboot this system
I will take a look at /var/log/secure for
these errors.
One question. Did you notice that these errors
are always related to "tun.10000"? Why always
'10000' and not other numbers?

ERROR: netlink XFRM_MSG_NEWPOLICY response for flow tun.10000 at pleiadi
included errno 17: File exists



