[Swan] repetitive reestablishment of ipsec

Philippe Vouters philippe.vouters at laposte.net
Fri Jan 4 18:44:04 EET 2013 

Dear Nick,

Would the root cause to the problem be my change in routine 
resolve_defaultroute_one (file libreswan-3.0/programs/addconn/addconn.c)
with:
     if (has_dst == 0) {
         struct nlmsghdr *nlmsg = (struct nlmsghdr *)msgbuf;
         nlmsg->nlmsg_flags |= NLM_F_DUMP;
*        if (parse_gateway)**
***parse_src = 0;*
*    }
I have been attempting to satisfy such a connection configuration 
described at 
http://vouters.dyndns.org/tima/Linux-Libreswan-Setting_up_an_Intranet_VPN_with_Windows_7.html 
where there is no leftnexthop. In bold my change.

To make sure the problem actually comes from addconn : # ipsec addconn 
--verbose --autoall

In the hope this can help.

Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org

Le 04/01/2013 17:10, Nick Howitt a écrit :
> *** Message resent - first not gone through? ***
>
> Paul,
>
> A few of us are trying to develop a front end for this/Openswan in 
> ClearOS, and one person has tried LibreSwan and he got the same thing. 
> If you look in Oguz Yilmaz's log you will see:
>
> Jan  2 10:18:28 2013 pluto[18211]: \"myvpn/0x2\" #2: route-client
> output:/usr/libexec/ipsec/_updown.netkey: doroute `ip route replace
> 192.168.2.0/24 via 10.46.1.5 dev lo  src 10.46.1.5\' failed (RTNETLINK
> answers: No such process)
>
> The tester's comment is "The only bad news is that the 
> /usr/libexec/ipsec/_updown.netkey appears to have been modified, such 
> that the local route from the gateway fails as it attempts to use the 
> 'lo' interface rather than the default route... still investigating 
> why this differs between packages"
>
> HTH,
>
> Nick
>
> On 03/01/2013 23:36, Paul Wouters wrote:
>>
>> On Fri, 4 Jan 2013, Oguz Yilmaz wrote:
>>
>>> 2 is resolved as I said. But
>>>
>>> 1- Why it takes about 2 minutes after restart of ipsec to establish 
>>> connection?
>>>
>>> continues.
>>
>> That should not be the case. If you can provide some logs that we can
>> investigate.
>>
>> Paul
>> _______________________________________________
>> Swan mailing list
>> Swan at lists.libreswan.org
>> https://lists.libreswan.org/mailman/listinfo/swan
>
>
>
> _______________________________________________
> Swan mailing list
> Swan at lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20130104/97c289fb/attachment.html>

More information about the Swan mailing list