[Openswan Users] openswan conflicts with large routing tables?

Roger Schreiter roger at planinternet.de
Sun Nov 9 20:53:56 EST 2008


Hi,

I tried to run openswan on a bgp server.
ipsec is version 2.6.18 with KLIPS.

This machine has no default route, but approx 250,000
single routes.
    /etc/init.d/ipsec start
does not start openswan unless I put a line like
    interfaces="ipsec0=eth0"
in ipsec.conf.

If I use the interface eth0, which has that large routing
table, openswan starts, but the link does not start.
IMHO, openswan tries to copy the routing table from eth0
to ipsec0, and then cannot deal with such a large routing
table, or is at least too slow, yielding timeouts when
starting the connection.

If I use another ethX, openswan also starts, but when
starting the link, ipsec complains:
"We cannot identify ourselves with either end of this connection".

This seems logical to me, since openswan obviously looks for
the IP addresses and nexthops named in the conn-section.


Any ideas how to combine openswan and the large routing tables
produced by the bgp sessions?

Roger.


