[Openswan Users] %defaultroute not working

David Jao djao at dominia.org
Wed Jul 2 09:40:00 EDT 2008

Hi all,

I managed to fix my problem by adding "protostack=netkey" to config 
setup.  Apparently this is a new requirement of version 2.6.

If any developers are reading this I would urge that they change the 
message printed out by openswan when it is started while running under 
netkey when the protostack directive is not present, as it is _not_ 
obvious that openswan behaves differently with and without this 
directive included.


David Jao wrote:
> Hi,
> I am using Openswan to encrypt wireless network packets on my LAN (a 
> rather common usage scenario, as I understand it).
> I have a dhcp server on that doubles as a NAT gateway for 
>  The gateway runs freeswan-2.06, and my laptop on the 
> LAN runs openswan.  I am using the following configuration to encrypt 
> packets traveling between the laptop and the internet:
> config setup
> conn gateway-laptop-net
>          left=
>          leftid=@gateway
>          leftsubnet=
>          right=%defaultroute
>          rightid=@laptop
>          auto=start
>          compress=no
>          keyingtries=1
>          ikelifetime=15m
>          keylife=15m
>          rekeymargin=5m
>          leftrsasigkey=...
>          rightrsasigkey=...
> Previously, I ran openswan 2.4.9 on my laptop, and this configuration 
> worked perfectly.  After upgrading to 2.6.14, the same configuration 
> does not work anymore unless I replace %defaultroute with my laptop's IP 
> address (which I do not want to do, because my laptop uses dhcp, and I 
> do not necessarily know its IP address ahead of time).  I have been 
> informed that the problem is not a bug in openswan but rather is a 
> problem with my configuration.
> Does anyone have any idea how I can configure this IPsec tunnel without 
> having to specify my laptop's IP address ahead of time?  Thanks!
> -David
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan: 
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155

More information about the Users mailing list