[Openswan Users] wrong eroutes with auto=route in version 2.4.7

Matthias Haas mh at pompase.net
Fri Nov 24 17:17:40 EST 2006


Paul Wouters wrote:
> On Fri, 24 Nov 2006, Matthias Haas wrote:
>
>   
>> I am currently facing a problem with subnet-subnet connections that are
>> created with auto=route at the responder's side. Remote side is a dynamic
>> IP.
>> The subnet-subnet connection is created with two 24-bit subnets. In case
>> there is no valid SA, as the remote site is down, there is already an eroute
>> installed for these two networks in trap state. So far everything is ok.
>> But as soon as a connection should be established from the responder's
>> network to the remote net and there is no valid connection established, a
>> new eroute arises that has two single-host subnets installed that reflect
>> the sender and recipient of this connection. Then this connection is set
>> to hold state as there is a packet that should be sent out.
>> The problem that comes up with this is that there will never be an SA, even if
>> the remote side connects, that can handle this eroute. Therefore
>> connections that apply to this invalid eroute will never be able to
>> communicate despite there being a valid SA then, that fulfills the need of
>> the complete two subnets.
>> As soon as I apply auto=add to these connections at the responder's site
>> everything works fine.
>>
>> Is this a bug or a feature?
>>     
>
> You should use auto=start or auto=add. Why are you using auto=route ?
>
> Paul
>
>   
Why not? What I achieve with this is that I can already see possible
routes. Or did I get the intention of this command wrong?

Matthias
