
[Users] Strange problem with route on ipsec0

From: John Ferlito (john_at_bulletproof.net.au)
Date: Fri May 10 2002 - 03:36:04 CEST


        I'm seeing some strange behaviour with the route ipsec0 gets
when you do a route -n.

Basically the connection is normally on an ADSL link and ifconfig and
route look like so.

adsl0     Link encap:Ethernet  HWaddr 00:50:BA:91:57:6A
          inet addr:202.7.x.y  Bcast:202.7.92.31  Mask:255.255.255.252
eth0      Link encap:Ethernet  HWaddr 00:02:B3:98:E8:58
          inet addr:10.140.2.1  Bcast:10.140.2.255  Mask:255.255.255.0
ipsec0    Link encap:Ethernet  HWaddr 00:50:BA:91:57:6A
          inet addr:202.7.x.y  Mask:255.255.255.252

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
202.7.92.28     0.0.0.0         255.255.255.252 U     0      0        0 adsl0
202.7.92.28     0.0.0.0         255.255.255.252 U     0      0        0 ipsec0
10.140.2.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         202.7.92.29     0.0.0.0         UG    0      0        0 adsl0
<lots of ipsec routes snipped>

Which is normal and as you would expect.

Then the ADSL link fails and I bring up a modem connection and do an ipsec
restart. Everything still works fine at this stage, as so. The modem connection
is given the same IP as the ADSL connection, but the ADSL connection is taken
down so as not to cause a multiple IP on same interface issue.

ppp0      Link encap:Ethernet  HWaddr 00:50:BA:91:57:6A
          inet addr:202.7.x.y  Bcast:203.9.190.192  Mask:255.255.255.255
eth0      Link encap:Ethernet  HWaddr 00:02:B3:98:E8:58
          inet addr:10.140.2.1  Bcast:10.140.2.255  Mask:255.255.255.0
ipsec0    Link encap:Ethernet  HWaddr 00:50:BA:91:57:6A
          inet addr:202.7.x.y  Mask:255.255.255.252

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
203.9.190.192   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
203.9.190.192   0.0.0.0         255.255.255.255 UH    0      0        0 ipsec0
10.140.2.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         203.9.190.192   0.0.0.0         UG    0      0        0 ppp0
<lots of ipsec routes snipped>

The problem occurs when I switch back to the ADSL link. I do an ipsec restart.
The ifconfig is as at the top of this email, but the routeing table is as so:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
202.7.92.28     0.0.0.0         255.255.255.252 U     0      0        0 adsl0
203.9.190.192   0.0.0.0         255.255.255.252 UH    0      0        0 ipsec0
10.140.2.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         202.7.92.29     0.0.0.0         UG    0      0        0 adsl0

Notice how the ipsec0 route has the correct netmask but has still
somehow kept the ppp0 destination. This of course means that pluto can't
insert the routes because the destination is unreachable.

e.g.
May 10 09:50:39 gw Pluto[24078]: "usgw208.37.148.0": route-host output: SIOCADDRT: Network is unreachable
May 10 09:50:39 gw Pluto[24078]: "usgw208.37.148.0": route-host output: /usr/lib/ipsec/_updown: `route add -net 208.37.148.0 netmask 255.255.252.0 dev ipsec0 gw 202.7.92.29' failed
May 10 09:50:39 gw Pluto[24078]: "usgw208.37.148.0": route-host output: /usr/lib/ipsec/_updown: (incorrect or missing nexthop setting??)

I'm guessing that 203.9.190.192 is stuck in the kernel somewhere and
somehow ipsec is finding it?

Has anyone come across anything similar before?

-- 
John Ferlito
Senior Engineer 
Bulletproof Networks
ph:  +61 (0) 2 9663 9000
fax: +61 (0) 2 9662 4744
mob: +61 (0) 410 519 382
http://www.bulletproof.net.au/

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
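
Added example (not part of the original post and not FreeS/WAN code): a check that parses `route -n` output and reports any ipsecN device whose on-link route does not cover the default-route nexthop, which is the state in which the `route add ... dev ipsec0 gw 202.7.92.29` call in the log above fails. It assumes ipsec0 is bound to the interface carrying the default route; the function names are hypothetical and the sample tables are constructed by re-typing the tables in the post.

```python
import ipaddress

# Constructed samples: `route -n` tables re-typed from the post (snipped routes omitted).
HEADER = "Destination Gateway Genmask Flags Metric Ref Use Iface\n"
HEALTHY = HEADER + """\
202.7.92.28 0.0.0.0 255.255.255.252 U 0 0 0 adsl0
202.7.92.28 0.0.0.0 255.255.255.252 U 0 0 0 ipsec0
10.140.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 202.7.92.29 0.0.0.0 UG 0 0 0 adsl0
"""
BROKEN = HEADER + """\
202.7.92.28 0.0.0.0 255.255.255.252 U 0 0 0 adsl0
203.9.190.192 0.0.0.0 255.255.255.252 UH 0 0 0 ipsec0
10.140.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 202.7.92.29 0.0.0.0 UG 0 0 0 adsl0
"""

def parse_routes(text):
    """Yield (network, gateway, flags, iface) for each IPv4 row of `route -n`."""
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the header and anything that is not a route row
        # A host route (H flag) matches a single address, whatever Genmask says.
        mask = "255.255.255.255" if "H" in f[3] else f[2]
        net = ipaddress.ip_network(f"{f[0]}/{mask}", strict=False)
        yield net, ipaddress.ip_address(f[1]), f[3], f[7]

def stale_ipsec_routes(text, prefix="ipsec"):
    """Return (iface, nexthop, on_link_nets) for ipsecN devices that cannot reach the nexthop."""
    routes = list(parse_routes(text))
    # Nexthop = gateway of the default route (G flag, destination 0.0.0.0/0).
    nexthops = [gw for net, gw, flags, _ in routes if "G" in flags and net.prefixlen == 0]
    on_link = {}
    for net, _, flags, iface in routes:
        # Only directly connected (non-gateway) routes make a nexthop reachable on a device.
        if iface.startswith(prefix) and "G" not in flags:
            on_link.setdefault(iface, []).append(net)
    if not nexthops:
        return []
    return [(iface, str(nexthops[0]), [str(n) for n in nets])
            for iface, nets in sorted(on_link.items())
            if not any(nexthops[0] in n for n in nets)]

if __name__ == "__main__":
    for name, table in (("healthy", HEALTHY), ("broken", BROKEN)):
        print(name, stale_ipsec_routes(table) or "ok")
```

Feeding it the live output of `route -n` after each link switch and `ipsec restart` shows whether the ipsec0 device route still points at the previous link before pluto tries to add tunnel routes.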



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST