[Openswan Users] "cannot install eroute" after remote IP change

Paul Wouters paul at xelerance.com
Fri Mar 4 13:24:41 EST 2011


On Tue, 1 Mar 2011, Michael Smith wrote:

> There is only one gateway at the other end. Its IP address changes every
> few hours, but what's odd is in this case instance [5] and [6] both had
> the same (new) IP.
>
> I dug through the git history of could_route() in pluto/kernel.c. In
> Openswan 2.4.x, the block around the check that leads to "cannot install
> route" used to be surrounded by #ifdef KLIPS. The #ifdef was removed as
> part of a merge of the CVS tree into Git:
>
> commit 7836dfce24a7d46a5a6a153dad47e2aabf6362d6
> Author: Michael Richardson <mcr at herring.sandelman.ca>
> Date:   Wed Nov 2 14:01:00 2005 -0500
>
>        openswan HEAD as of 20051102
>
> I've #ifdef'd out the "return FALSE" for now and replaced it with a log
> message and a "return route_easy" in the NETKEY case. I'll see what
> explodes with the check removed.

That's probably not a good idea.

It's probably worth looking at a plutodebug=all to see what happens when the
instances get mixed up. I would recommend rekey=no on the static end, and only
letting the IP-changing end initiate.

You also mentioned a memory leak in another email, but I found no mention of
it elsewhere? Do you have more information?

Paul

