[Swan] Error "cannot install eroute" when rekey/reconnect from the same IP (for L2TP)

Paul Wouters paul at nohats.ca
Tue Dec 16 03:11:25 EET 2014


On Fri, 12 Dec 2014, Elison Niven wrote:

> Subject: [Swan] Error "cannot install eroute" when rekey/reconnect from the
>     same IP (for L2TP)

> Is this fixed now?
> https://lists.openswan.org/pipermail/users/2010-April/018685.html

I changed this test case:

https://github.com/libreswan/libreswan/tree/master/testing/pluto/l2tp-02-netkey

to simulate your scenario using:

ipsec auto --up north-east-l2tp
echo "c server" > /var/run/xl2tpd/l2tp-control
sleep 5
ipsec look
: ==== cut ====
cat /tmp/xl2tpd.log
: ==== tuc ====
ping -c 4 -n 192.0.2.254
# testing passthrough plaintext
echo quit | nc 192.0.2.254 22
ip addr show dev ppp0
sleep 5
echo "d server" > /var/run/xl2tpd/l2tp-control
ipsec auto --down north-east-l2tp
sleep 5
ipsec auto --up north-east-l2tp
echo "c server" > /var/run/xl2tpd/l2tp-control
sleep 5
ipsec look
echo done

This worked fine. Both the first IPsec and PPP and the second IPsec and
PPP came up successfully. Since it uses RSA, I then modified it to use
PSK. But it still worked.

Is there a chance you can try and test this with libreswan-3.12?

Paul


  I'm not sure if that fully reproduced your
connection from behind NAT? This connection used RSA, not PSK.




