<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Dear Nick,<br>
<br>
Would the root cause to the problem be my change in routine
resolve_defaultroute_one (file
libreswan-3.0/programs/addconn/addconn.c)<br>
with:<br>
if (has_dst == 0) {<br>
struct nlmsghdr *nlmsg = (struct nlmsghdr *)msgbuf;<br>
nlmsg->nlmsg_flags |= NLM_F_DUMP;<br>
<b> if (parse_gateway)</b><b><br>
</b><b> </b>parse_src = 0;<b><br>
</b> }<br>
I have been attempting to satisfy such a connection configuration
described at
<a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/tima/Linux-Libreswan-Setting_up_an_Intranet_VPN_with_Windows_7.html">http://vouters.dyndns.org/tima/Linux-Libreswan-Setting_up_an_Intranet_VPN_with_Windows_7.html</a>
where there is no leftnexthop. In bold my change.<br>
<br>
To make sure the problem actually comes from addconn : # ipsec
addconn --verbose --autoall<br>
<br>
In the hope this can help.<br>
<pre class="moz-signature" cols="72">Philippe Vouters (Fontainebleau/France)
URL: <a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/">http://vouters.dyndns.org/</a>
SIP: <a class="moz-txt-link-abbreviated" href="mailto:sip:Vouters@sip.linphone.org">sip:Vouters@sip.linphone.org</a></pre>
Le 04/01/2013 17:10, Nick Howitt a écrit :<br>
</div>
<blockquote cite="mid:50E6FEF7.509@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
*** Message resent - first not gone through? ***<br>
<br>
Paul,<br>
<br>
A few of us are trying to develop a front end for this/Openswan in
ClearOS, and one person has tried LibreSwan and he got the same
thing. If you look in Oguz Yilmaz's log you will see:<br>
<br>
<pre wrap="">Jan 2 10:18:28 2013 pluto[18211]: \"myvpn/0x2\" #2: route-client
output: <i class="moz-txt-slash"><span class="moz-txt-tag">/</span>usr/libexec/ipsec<span class="moz-txt-tag">/</span></i>_updown.netkey: doroute `ip route replace
192.168.2.0/24 via 10.46.1.5 dev lo src 10.46.1.5\' failed (RTNETLINK
answers: No such process)
</pre>
The tester's comment is "The only bad news is that the
/usr/libexec/ipsec/_updown.netkey appears to have been modified,
such that the local route from the gateway fails as it attempts to
use the 'lo' interface rather than the default route... still
investigating why this differs between packages"<br>
<br>
HTH,<br>
<br>
Nick<br>
<br>
<div class="moz-cite-prefix">On 03/01/2013 23:36, Paul Wouters
wrote:<br>
</div>
<blockquote
cite="mid:alpine.LFD.2.03.1301031836210.3191@redhat.com"
type="cite"> <br>
On Fri, 4 Jan 2013, Oguz Yilmaz wrote: <br>
<br>
<blockquote type="cite">2 is resolved as I said. But <br>
<br>
1- Why it takes about 2 minutes after restart of ipsec to
establish connection? <br>
<br>
continues. <br>
</blockquote>
<br>
That should not be the case. If you can provide some logs that
we can <br>
investigate. <br>
<br>
Paul <br>
_______________________________________________ <br>
Swan mailing list <br>
<a moz-do-not-send="true" class="moz-txt-link-abbreviated"
href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>
<br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>
<br>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Swan mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Swan@lists.libreswan.org">Swan@lists.libreswan.org</a>
<a class="moz-txt-link-freetext" href="https://lists.libreswan.org/mailman/listinfo/swan">https://lists.libreswan.org/mailman/listinfo/swan</a>
</pre>
</blockquote>
<br>
</body>
</html>