[Openswan Users] rekey=no && cannot install eroute

Michael.Karlinsky at tieto.com Michael.Karlinsky at tieto.com
Mon Mar 15 06:05:52 EDT 2010

Hi Paul,

after fixing two compile errors, I managed to install newest OpenSwan from git.

But unfortunately I get the same error message, see below.

The DUT is based on Free BSD, as far as I know. Maybe I can get some more specific info.

Kind Regards,

From: Paul Wouters [paul at xelerance.com]
Sent: Sunday, March 14, 2010 9:05 PM
To: Karlinsky Michael
Cc: users at openswan.org
Subject: Re: [Openswan Users] rekey=no && cannot install eroute

On Fri, 12 Mar 2010, Michael.Karlinsky at tieto.com wrote:

> we have the following problem(s).
> We have a DUT (device under test) which has a known bug regarding IPSec rekeying, if initiated by OpenSwan. So we thought about using "rekey=no" in
> OpenSwan as a workaround.
> 1) We expect OpenSwan to never initiate rekeying. But OpenSwan will do rekeying, if asked to. Is this assumtion correct?
> 2) Every time the DUT tries to initiate rekeying, we get the following message:
> Mar 3 14:49:21 ipsectest pluto[19759]: "vpnk"[5] #5: cannot install eroute -- it is in use for "vpnk"[4] #4

I believe this a bug that has been partially fixed since 2.6.24, but we have not
released 2.6.25 yet. It has to do with responding to a rekey. I think some
Windows flavours do a rekey (eg quickmode) while some in reality to a new
exchange from scratvh.

You can try the current git version.

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: log.txt
Url: http://lists.openswan.org/pipermail/users/attachments/20100315/3a31ff54/attachment-0001.txt 

More information about the Users mailing list