[Openswan Users] ip route problem
gresko at thr.sk
Thu Jan 14 10:55:33 EST 2010
On Wed 13 January 2010 12:09:02 Marek Greško wrote:
> I had a working setup using Fedora 11. Yesterday I replaced my i386 box
> with x86_64 and Fedora 12 installed (with latest updates). I then ran into
> problems setting routes for leftsourceip. I have the tunnel working, but
> leftsourceip is not applied since I get this in the logs:
> Jan 12 12:51:12 gw pluto: "myconn": route-client output: /usr/libexec
> /ipsec/_updown.netkey: doroute `ip route replace 192.168.40.0/22 dev eth1
> src 192.168.15.254' failed (RTNETLINK answers: Operation not permitted)
> When I try to add the route manually, everything works.
> At first I suspected SELinux, but I have SELinux disabled:
> [root@gw log]# sestatus -v
> SELinux status: disabled
I still cannot imagine what else could block route manipulation except
SELinux. I expect the script is run as root... Could this be a kernel bug?
But then why can the routes be added manually?
> Current versions:
> [root@gw log]# rpm -q kernel openswan
> [root@gw log]# uname -a
> Linux gw.xxxxx.lan 220.127.116.11-174.fc12.x86_64 #1 SMP Mon Dec 21 05:33:33 UTC
> 2009 x86_64 x86_64 x86_64 GNU/Linux
> Do you have any suggestions about what I should look for?
> Thank you.