[Openswan Users] "cannot install eroute" after remote IP change

Michael Smith msmith at cbnco.com
Fri Mar 4 13:45:17 EST 2011

Paul Wouters wrote:
> I would recommend rekey=no on the static end, and only
> letting the ip changing end initiate.

Yeah, that's what I've got now. Definitely makes the logs easier to 
read, at least.

> You also mentioned a memory leak in another email, but I found no
> mention of it elsewhere? Do you have more information?

After "cannot install eroute", something is not getting cleaned up in 
pluto (not sure what). This is in the inbound QI1 handling, I believe. 
The remote end keeps retrying, so eventually pluto grows to consume all RAM.

The terrible hack I applied tiptoes around the leak by allowing
could_route() to "succeed", so the remote end doesn't keep trying; it
just has a broken SA.


