[Swan] [Bug 86] left=%defaultroute does not work in a conn

Nick Howitt nick at howitts.co.uk
Thu May 8 14:51:46 EEST 2014


 

I was patching rpmbuild/SOURCES/..../programs/addconn/addconn.c directly
by hand and I have checked it afterwards as well. I need to check the
rpmbuild switches I was using when I get home, but I think I was OK. The
other thing I want to do is uninstall libreswan before reinstalling it
in case the forced update is not doing as I expected. 

Regards your comment about addconn, I don't follow the relevance. I am
only using addconn for debugging. I normally just start ipsec or use
"ipsec auto --replace conn". This always worked in Openswan without
leftnexthop but fails in Libreswan. 

FWIW, in Openswan left=%defaultroute right=%any in 2.4.x worked without
setting protostack=netkey i.e. just implying it. In 2.6.x you have to
explicitly set protostack=netkey for it to work. The implicit setting
did not work and Paul did not know what had changed. (He used to
maintain it did not work at all even when I was using it, but now
accepts that it does work). In neither case did I ever set leftnexthop. 

Regards, 

Nick 

On 2014-05-08 12:26, Wolfgang Nothdurft wrote: 

> On 08.05.2014 12:48, bugs at libreswan.org wrote:
> 
> >> https://bugs.libreswan.org/show_bug.cgi?id=86 [1]
> >>
> >> --- Comment #30 from Nick Howitt <nick at howitts.co.uk> 2014-05-08 13:48:35 EEST ---
> >>
> >> This is where I am a little confused. I patched the source by hand and recompiled the rpm. I then installed the rpm with a -Uvh --force as it is the same version number as I was running and then I tested. As far as I know I am running the patched version so I don't understand why the table number is not displayed. One thing I did notice was that when I changed left to IP I no longer got the whole routing table dumped when doing the addconn --verbose. Does it mean there is another place which needs patching?
> 
> I think we better use the mailing list for this.
> 
> Are you sure the latest patch applied properly and you have not one of the first ones applied?
> 
> That would explain the change of the addconn behaviour without the table id output.
> 
> You can have a look in the rpmbuild folder if addconn.c is correctly patched.
> 
>> Regarding the left and leftnexthop = %defaultroute, in Openswan leftnexthop is not needed and from the man pages is implied as soon as you make left = %defaultroute (perhaps also with interfaces=%defaultroute). See comment 13. Tuomo does not accept that and said the man pages are wrong, but why then does Openswan work? I believe Paul Wouters agrees with my view.
> 
> In Openswan addconn gets the info from command line parameters, which was changed in Libreswan.
 

Links:
------
[1] https://bugs.libreswan.org/show_bug.cgi?id=86