[Openswan Users] Routing problem with OpenSWAN on OpenWRT

Paul Wouters paul at xelerance.com
Thu Feb 8 23:25:28 EST 2007


On Thu, 8 Feb 2007, Nels Lindquist wrote:

> Just wondering if there's a solution to the problem Paul mentioned in
> the "Routing problem" thread from yesterday.
>
> I'm setting up a couple of VPN endpoints on WhiteRussian RC6 and the
> latest available OpenSWAN 2.4.6 package (installed with ipkg).
>
> The issue is that when OpenSWAN is started (before any tunnels are
> brought up), a bogus route is added equivalent to the settings on the
> WAN interface, and that route seems to interfere with the arp discovery
> of any MAC addresses not already in the local neighbour table.  Once
> existing arp entries expire they are no longer reachable.
>
> I tried adding "failureshunt=passthrough" to the %default configuration
> as discussed in that thread, but it didn't seem to help.

Can you try replacing your /usr/lib/ipsec/_updown which this version:
http://www.xtdnet.nl/paul/tmp/_updown

It is the version of updown of openswan-2.4.4, which did work fine on
openwrt for me before.

Paul
-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list