[Openswan Users] Changing MTU on a route seems to mess up leftsourceid in a conn definition
Paul Wouters
paul at xelerance.com
Sat Sep 16 02:15:14 EDT 2006
On Sat, 16 Sep 2006, Greg Scott wrote:
> /sbin/ip route change 10.0.0.0/8 dev eth0 mtu 1470
> First, the routes before:
>
> [root at roseville-fw ipsec.d]# /sbin/ip route show
> aa.bb.cc.32/29 dev eth0 proto kernel scope link src aa.bb.cc.33
> 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.2
> 10.10.10.0/24 dev eth2 proto kernel scope link src 10.10.10.187
Note the "src 10.10.10.187" which comes from your leftsourceip=
> Now changing the MTU on the tunnel route
>
> [root at roseville-fw ipsec.d]# /sbin/ip route change 10.0.0.0/8 dev eth0
> mtu 1470
Note how you did not specify "src 10.10.10.187" on the route replacement.
> The routes after:
>
> 10.0.0.0/8 dev eth0 scope link mtu 1470
So it is not there anymore.
> But this ping from the internal interface works...
> (The conn definition is supposed to include the internal interface.)
> [root at roseville-fw ipsec.d]# ping 10.13.1.22 -I 10.15.1.1
> PING 10.13.1.22 (10.13.1.22) from 10.15.1.1 : 56(84) bytes of data.
> 64 bytes from 10.13.1.22: icmp_seq=1 ttl=127 time=65.3 ms
Indeed, because then the "src" argument isn't needed.
So, use:
/sbin/ip route change 10.0.0.0/8 dev eth0 src 10.10.10.187 mtu 1470
Paul
--
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
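
Added example, not part of the original message: a small shell helper that builds the `ip route change` command from an existing route line, so attributes such as `src` are carried over when only the MTU is meant to change. The function names and the sample route line are constructed for illustration; the line uses the addresses from the thread.

```shell
#!/bin/sh
# Added example: carry existing route attributes (notably "src") over
# when changing only the MTU with "ip route change".

# Constructed sample line, in the format printed by "ip route show".
SAMPLE_ROUTE='10.0.0.0/8 dev eth0 scope link src 10.10.10.187'

# route_src LINE: print the src address found in a route line.
# Returns 1 (and prints nothing) when the line has no src attribute.
route_src() {
    set -- $1
    while [ $# -gt 0 ]; do
        if [ "$1" = "src" ] && [ $# -ge 2 ]; then
            printf '%s\n' "$2"
            return 0
        fi
        shift
    done
    return 1
}

# mtu_change_cmd LINE MTU: print an "ip route change" command that keeps
# every attribute of LINE and replaces any existing mtu with MTU.
mtu_change_cmd() {
    line=$1
    new_mtu=$2
    case $new_mtu in
        ''|*[!0-9]*) echo "bad mtu: $new_mtu" >&2; return 2 ;;
    esac
    out='/sbin/ip route change'
    set -- $line
    while [ $# -gt 0 ]; do
        if [ "$1" = "mtu" ]; then
            shift                                   # drop the keyword
            if [ "${1:-}" = "lock" ]; then shift; fi  # drop optional "lock"
            if [ $# -gt 0 ]; then shift; fi           # drop the old value
            continue
        fi
        out="$out $1"
        shift
    done
    printf '%s mtu %s\n' "$out" "$new_mtu"
}

# Print the command for the sample line; review it before running it as root.
mtu_change_cmd "$SAMPLE_ROUTE" 1470
```

After applying the change, `route_src` on the new `ip route show` line for the prefix should still print the `leftsourceip=` address.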