[Swan] _updown.klips and ip command return code causing conn failure
Paul Wouters
pwouters at redhat.com
Fri May 24 18:46:30 EEST 2013
I noticed this failure:
from _updown.klips:
if ! ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep ipsec0; then
cmd=change
However, on a machine with
eth0 Link encap:Ethernet HWaddr 00:01:49:00:C2:9B
inet addr:192.168.10.2 Bcast:192.168.10.255 Mask:255.255.255.0
eth1 Link encap:Ethernet HWaddr 00:01:49:00:C2:9C
inet addr:192.168.100.2 Bcast:192.168.100.255 Mask:255.255.255.0
ipsec0 Link encap:Ethernet HWaddr 00:01:49:00:C2:9B
inet addr:192.168.10.2 Mask:255.255.255.255
ipsec1 Link encap:Ethernet HWaddr 00:01:49:00:C2:9C
inet addr:192.168.100.2 Mask:255.255.255.255
I got:
"aaa" #2: up-client output: /usr/libexec/ipsec/_updown.klips: changesource "ip route change 192.168.20.0/24 dev ipsec0 src 192.168.100.2" failed (RTNETLINK answers: No such file or directory)
checking manually:
# ip -o route get 192.168.100.2
local 192.168.100.2 dev lo src 192.168.100.2 \
cache <local>
# ip -o route get 111.111.111.111
111.111.111.111 via 192.168.100.1 dev eth1 src 192.168.100.2 \
cache
(Note: none of those say "ipsec" in the output.)
# export PLUTO_MY_SOURCEIP=192.168.100.2
# ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep ipsec0
# echo $?
1
I then tested using:
# if test -n "`ip -o route get ${PLUTO_MY_SOURCEIP%/*} | grep ipsec0`"; then echo change; fi
#
Which seems a better way to do things.
I'll commit this change if no one objects once the tree is unfrozen,
Paul
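
An added example, not part of the original message: it runs the condition quoted from _updown.klips and the `test -n` form tried above against the same route output and reports which branch each one takes. `route_get` is a hypothetical stand-in for `ip -o route get` so the comparison runs offline, and the ipsec0 line for 192.168.20.1 is constructed sample data.

```shell
#!/bin/sh
# route_get: hypothetical stand-in for `ip -o route get <addr>`.
route_get() {
    case "$1" in
        192.168.100.2)  # output as shown in the message (local address via lo)
            printf '%s\n' 'local 192.168.100.2 dev lo src 192.168.100.2 \    cache <local>' ;;
        192.168.20.1)   # constructed: a destination routed through ipsec0
            printf '%s\n' '192.168.20.1 dev ipsec0 src 192.168.100.2 \    cache' ;;
    esac
}

# Condition as quoted from _updown.klips: "!" negates the pipeline status,
# so the branch is taken when grep finds NO ipsec0 in the output.
# (-q only silences grep; the exit status is unchanged.)
original_cond() {
    if ! route_get "$1" | grep -q ipsec0; then
        echo change
    else
        echo keep
    fi
}

# Condition as tested in the message: the branch is taken when grep
# prints something, i.e. when ipsec0 IS in the output.
tested_cond() {
    if test -n "$(route_get "$1" | grep ipsec0)"; then
        echo change
    else
        echo keep
    fi
}

for addr in 192.168.100.2 192.168.20.1; do
    printf '%-15s original=%s tested=%s\n' "$addr" \
        "$(original_cond "$addr")" "$(tested_cond "$addr")"
done
```

For the local address from the message the quoted condition selects `change` and the `test -n` form does not; for a destination routed through ipsec0 the two results swap.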