[Openswan Users] rekey=no && cannot install eroute
Paul Wouters
paul at xelerance.com
Sun Mar 14 16:05:41 EDT 2010
On Fri, 12 Mar 2010, Michael.Karlinsky at tieto.com wrote:
> we have the following problem(s).
>
> We have a DUT (device under test) which has a known bug regarding IPSec rekeying, if initiated by OpenSwan. So we thought about using "rekey=no" in
> OpenSwan as a workaround.
>
> 1) We expect OpenSwan to never initiate rekeying. But OpenSwan will do rekeying, if asked to. Is this assumtion correct?
>
> 2) Every time the DUT tries to initiate rekeying, we get the following message:
>
>
> Mar 3 14:49:21 ipsectest pluto[19759]: "vpnk"[5] 172.30.64.140 #5: cannot install eroute -- it is in use for "vpnk"[4] 172.30.64.140 #4
I believe this a bug that has been partially fixed since 2.6.24, but we have not
released 2.6.25 yet. It has to do with responding to a rekey. I think some
Windows flavours do a rekey (eg quickmode) while some in reality to a new
exchange from scratvh.
You can try the current git version.
Paul
More information about the Users
mailing list