[Openswan Users] rekey=no && cannot install eroute
Michael.Karlinsky at tieto.com
Michael.Karlinsky at tieto.com
Mon Mar 15 06:05:52 EDT 2010
Hi Paul,
after fixing two compile errors, I managed to install newest OpenSwan from git.
But unfortunately I get the same error message, see below.
The DUT is based on Free BSD, as far as I know. Maybe I can get some more specific info.
Kind Regards,
Michael
________________________________________
From: Paul Wouters [paul at xelerance.com]
Sent: Sunday, March 14, 2010 9:05 PM
To: Karlinsky Michael
Cc: users at openswan.org
Subject: Re: [Openswan Users] rekey=no && cannot install eroute
On Fri, 12 Mar 2010, Michael.Karlinsky at tieto.com wrote:
> we have the following problem(s).
>
> We have a DUT (device under test) which has a known bug regarding IPSec rekeying, if initiated by OpenSwan. So we thought about using "rekey=no" in
> OpenSwan as a workaround.
>
> 1) We expect OpenSwan to never initiate rekeying. But OpenSwan will do rekeying, if asked to. Is this assumtion correct?
>
> 2) Every time the DUT tries to initiate rekeying, we get the following message:
>
>
> Mar 3 14:49:21 ipsectest pluto[19759]: "vpnk"[5] 172.30.64.140 #5: cannot install eroute -- it is in use for "vpnk"[4] 172.30.64.140 #4
I believe this a bug that has been partially fixed since 2.6.24, but we have not
released 2.6.25 yet. It has to do with responding to a rekey. I think some
Windows flavours do a rekey (eg quickmode) while some in reality to a new
exchange from scratvh.
You can try the current git version.
Paul
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20100315/3a31ff54/attachment-0001.txt
More information about the Users
mailing list