[Openswan Users] rekey=no && cannot install eroute

Michael.Karlinsky at tieto.com Michael.Karlinsky at tieto.com
Fri Mar 12 07:04:11 EST 2010

Hi all,

we have the following problem(s).

We have a DUT (device under test) which has a known bug regarding IPSec rekeying, if initiated by OpenSwan. So we thought about using "rekey=no" in OpenSwan as a workaround.

1) We expect OpenSwan to never initiate rekeying. But OpenSwan will do rekeying, if asked to. Is this assumtion correct?

2) Every time the DUT tries to initiate rekeying, we get the following message:

Mar 3 14:49:21 ipsectest pluto[19759]: "vpnk"[5] #5: cannot install eroute -- it is in use for "vpnk"[4] #4

Any idea what is going wrong?

Kind Regards,


PS: ipsec.conf and logfile as attachement

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100312/5cc075c5/attachment.html 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20100312/5cc075c5/attachment.txt 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ipsec.conf
Type: application/octet-stream
Size: 2055 bytes
Desc: ipsec.conf
Url : http://lists.openswan.org/pipermail/users/attachments/20100312/5cc075c5/attachment.obj 

More information about the Users mailing list