[Openswan Users] ip route problem
Marek Greško
gresko at thr.sk
Thu Jan 14 10:55:33 EST 2010
On St 13. Január 2010 12:09:02 Marek Greško wrote:
> Hello,
>
> I had a working setup using Fedora 11. Yesterday I replaced my i386 box
> with x86_64 and Fedora 12 installed (with latest updates). I then run into
> problems setting routes for leftsourceip. I have tunnel working, but
> leftsourceip is not applied since I get this in the logs:
>
> Jan 12 12:51:12 gw pluto[3086]: "myconn": route-client output: /usr/libexec
> /ipsec/_updown.netkey: doroute `ip route replace 192.168.40.0/22 dev eth1
> src 192.168.15.254' failed (RTNETLINK answers: Operation not permitted)
>
> When I try to add the route manually, everything works.
>
> Firstly I was suspecting SELinux. But I have SELinux disabled:
>
> [root at gw log]# sestatus -v
> SELinux status: disabled
I still cannot imagine what else could block route manipulation except
selinux. I expect the script is run under root... Should this be a kernel bug?
But why the routes could be added manually?
M.
>
> Current versions:
> [root at gw log]# rpm -q kernel openswan
> kernel-2.6.31.5-127.fc12.x86_64
> kernel-2.6.31.9-174.fc12.x86_64
> openswan-2.6.23-1.fc12.x86_64
>
> [root at gw log]# uname -a
> Linux gw.xxxxx.lan 2.6.31.9-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC
> 2009 x86_64 x86_64 x86_64 GNU/Linux
>
> Do you have any suggestions what should I look for?
>
> Thank you.
>
> Marek
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>
More information about the Users
mailing list