[Openswan Users] rekey=no && cannot install eroute

Paul Wouters paul at xelerance.com
Sun Mar 14 16:05:41 EDT 2010


On Fri, 12 Mar 2010, Michael.Karlinsky at tieto.com wrote:

> we have the following problem(s).
>  
> We have a DUT (device under test) which has a known bug regarding IPSec rekeying, if initiated by OpenSwan. So we thought about using "rekey=no" in
> OpenSwan as a workaround.
>  
> 1) We expect OpenSwan to never initiate rekeying. But OpenSwan will do rekeying, if asked to. Is this assumtion correct?
>  
> 2) Every time the DUT tries to initiate rekeying, we get the following message:
>  
> 
> Mar 3 14:49:21 ipsectest pluto[19759]: "vpnk"[5] 172.30.64.140 #5: cannot install eroute -- it is in use for "vpnk"[4] 172.30.64.140 #4

I believe this a bug that has been partially fixed since 2.6.24, but we have not
released 2.6.25 yet. It has to do with responding to a rekey. I think some
Windows flavours do a rekey (eg quickmode) while some in reality to a new
exchange from scratvh.

You can try the current git version.

Paul


More information about the Users mailing list