[Swan] dev lo route error

Paul Wouters pwouters at redhat.com
Fri Jan 4 18:17:40 EET 2013


On Fri, 4 Jan 2013, Nick Howitt wrote:

> A few of us are trying to develop a front end for this/Openswan in ClearOS, and one person has tried LibreSwan and he got the same
> thing. If you look in Oguz Yilmaz's log you will see:

Neat! Keep us in the loop?

> Jan  2 10:18:28 2013 pluto[18211]: "myvpn/0x2" #2: route-client
> output: /usr/libexec/ipsec/_updown.netkey: doroute `ip route replace
> 192.168.2.0/24 via 10.46.1.5 dev lo  src 10.46.1.5' failed (RTNETLINK
> answers: No such process)
> 
> The tester's comment is "The only bad news is that the /usr/libexec/ipsec/_updown.netkey appears to have been modified, such that the
> local route from the gateway fails as it attempts to use the 'lo' interface rather than the default route... still investigating why
> this differs between packages"

You'll see the new code in programs/addconn/addconn.c that is
responsible for that.

When no leftnexthop= is specified, we try to determine it based on the
routing table. In openswan it was always based on the defaultroute, e.g.
the default gateway.

There seems to be an issue with this code in some circumstances. I
believe this might be because if you ask the kernel for the gateway
of "0.0.0.0" (right=%any) it might give you 127.0.0.1 with dev lo...

Paul
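
Added example, not part of the original message and not libreswan code: a shell check that extracts the failed `ip route` command from the log line quoted above and flags the two things visible in it, `dev lo` as the nexthop device and a `via` gateway equal to the local `src` address. The function names are hypothetical, and the sample input is the log line from this thread joined onto one line.

```shell
#!/bin/sh
# Added example, not libreswan code. Function names are hypothetical.

# Constructed input: the log line quoted in this thread, joined onto one line.
sample_log() {
cat <<'EOF'
Jan  2 10:18:28 2013 pluto[18211]: "myvpn/0x2" #2: route-client output: /usr/libexec/ipsec/_updown.netkey: doroute `ip route replace 192.168.2.0/24 via 10.46.1.5 dev lo  src 10.46.1.5' failed (RTNETLINK answers: No such process)
EOF
}

# Print the "ip route ..." command from each doroute failure line on stdin.
extract_doroute() {
    sed -n "s/.*doroute \`\(ip route [^']*\)' failed.*/\1/p"
}

# Print one finding per problem; return 1 if any was found, else 0.
check_route_args() {
    via="" dev="" src="" prev="" rc=0
    for word in $1; do            # each keyword is followed by its value
        case "$prev" in
            via) via=$word ;;
            dev) dev=$word ;;
            src) src=$word ;;
        esac
        prev=$word
    done
    if [ "$dev" = "lo" ]; then
        echo "nexthop device is loopback (dev lo)"; rc=1
    fi
    case "$via" in
        127.*) echo "gateway $via is a loopback address"; rc=1 ;;
    esac
    if [ -n "$via" ] && [ "$via" = "$src" ]; then
        echo "gateway $via equals the local source address"; rc=1
    fi
    return $rc
}

# Report on the sample line.
sample_log | extract_doroute | while read -r cmd; do
    echo "checking: $cmd"
    check_route_args "$cmd" || true
done
```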

