I've done some more debugging on this and I'm fairly sure it's a kernel
bug. From what I can tell in _klipsetup the following gets run
ifconfig ipsec0 inet 202.7.92.30 broadcast 202.7.92.31 netmask 255.255.255.252 mtu 1412
now this should automagically insert the route that would be created
by the following
route add -net 202.7.92.28 netmask 255.255.255.252 dev ipsec0
but instead it seems to be doing
route add -net 203.9.190.192 netmask 255.255.255.252 dev ipsec0
It's using the right netmask but seems to be using the network from the
old ppp device.
Does anyone know where in the kernel code the routes get added so I can
try and work out where the old network is lingering?
Thanks,
On Fri, May 10, 2002 at 11:36:04AM +1000, John Ferlito wrote:
>
> I'm seeing some strange behaviour with the route ipsec0 gets
> when you do a route -n.
>
> Basically the connection is normally on an ADSL link and ifconfig and
> route look like so.
>
> adsl0 Link encap:Ethernet HWaddr 00:50:BA:91:57:6A
> inet addr:202.7.92.30 Bcast:202.7.92.31 Mask:255.255.255.252
> eth0 Link encap:Ethernet HWaddr 00:02:B3:98:E8:58
> inet addr:10.140.2.1 Bcast:10.140.2.255 Mask:255.255.255.0
> ipsec0 Link encap:Ethernet HWaddr 00:50:BA:91:57:6A
> inet addr:202.7.92.30 Mask:255.255.255.252
>
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 202.7.92.28 0.0.0.0 255.255.255.252 U 0 0 0 adsl0
> 202.7.92.28 0.0.0.0 255.255.255.252 U 0 0 0 ipsec0
> 10.140.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 0.0.0.0 202.7.92.29 0.0.0.0 UG 0 0 0 adsl0
> <lots of ipsec routes snipped>
>
> Which is normal and as you would expect.
>
> Then the ADSL link fails and I bring up a modem connection and do an ipsec
> restart. Everything still works fine at this stage, as so. The modem connection
> is given the same IP as the adsl connection but the adsl connection is taken
> down so as not to cause a multiple IP on same interface issue.
>
> ppp0 Link encap:Ethernet HWaddr 00:50:BA:91:57:6A
> inet addr:202.7.92.30 Bcast:203.9.190.192 Mask:255.255.255.255
> eth0 Link encap:Ethernet HWaddr 00:02:B3:98:E8:58
> inet addr:10.140.2.1 Bcast:10.140.2.255 Mask:255.255.255.0
> ipsec0 Link encap:Ethernet HWaddr 00:50:BA:91:57:6A
> inet addr:202.7.92.30 Mask:255.255.255.252
>
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 203.9.190.192 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
> 203.9.190.192 0.0.0.0 255.255.255.255 UH 0 0 0 ipsec0
> 10.140.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 0.0.0.0 203.9.190.192 0.0.0.0 UG 0 0 0 ppp0
> <lots of ipsec routes snipped>
>
> The problem occurs when I switch back to the ADSL link. I do an ipsec restart.
> The ifconfig is as at the top of this email but the routing table is as so
>
>
>
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 202.7.92.28 0.0.0.0 255.255.255.252 U 0 0 0 adsl0
> 203.9.190.192 0.0.0.0 255.255.255.252 UH 0 0 0 ipsec0
> 10.140.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 0.0.0.0 202.7.92.29 0.0.0.0 UG 0 0 0 adsl0
>
>
> Notice how the ipsec0 route has the correct netmask but has still
> somehow kept the ppp0 destination. This of course means that pluto can't
> insert the routes because the destination is unreachable.
>
> eg
> May 10 09:50:39 gw Pluto[24078]: "usgw208.37.148.0": route-host output: SIOCADDRT: Network is unreachable
> May 10 09:50:39 gw Pluto[24078]: "usgw208.37.148.0": route-host output: /usr/lib/ipsec/_updown: `route add -net 208.37.148.0 netmask 255.255.252.0 dev ipsec0 gw 202.7.92.29' failed
> May 10 09:50:39 gw Pluto[24078]: "usgw208.37.148.0": route-host output: /usr/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
>
>
> I'm guessing that 203.9.190.192 is stuck in the kernel somewhere and
> somehow ipsec is finding it?
>
>
> Has anyone come across anything similar before?
>
>
> --
> John Ferlito
> Senior Engineer
> Bulletproof Networks
> ph: +61 (0) 2 9663 9000
> fax: +61 (0) 2 9662 4744
> mob: +61 (0) 410 519 382
> http://www.bulletproof.net.au/
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
-- 
John
http://www.inodes.org/
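An added example, not part of the original message or of FreeS/WAN: it compares each connected route in `route -n` output against the interface's address AND netmask, and tests whether a gateway is on-link for a device, which is the condition behind the SIOCADDRT error in the quoted log. The function names are this example's own, and the embedded table is retyped from the message.

```python
import ipaddress

# Constructed from the message: the `route -n` table after switching back to ADSL.
ROUTE_N = """\
Destination   Gateway     Genmask         Flags Metric Ref Use Iface
202.7.92.28   0.0.0.0     255.255.255.252 U     0 0 0 adsl0
203.9.190.192 0.0.0.0     255.255.255.252 UH    0 0 0 ipsec0
10.140.2.0    0.0.0.0     255.255.255.0   U     0 0 0 eth0
0.0.0.0       202.7.92.29 0.0.0.0         UG    0 0 0 adsl0
"""
# Address and netmask per broadcast-style interface, as shown by ifconfig.
# Point-to-point links such as ppp0 route to the peer address and are not listed.
INTERFACES = {
    "adsl0": ("202.7.92.30", "255.255.255.252"),
    "eth0": ("10.140.2.1", "255.255.255.0"),
    "ipsec0": ("202.7.92.30", "255.255.255.252"),
}

def parse_routes(text):
    """Return (network, gateway, flags, iface) for each row of `route -n` output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0][0].isdigit():
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}", strict=False)
            rows.append((net, ipaddress.ip_address(f[1]), f[3], f[7]))
    return rows

def stale_connected_routes(route_text, interfaces):
    """Connected (non-gateway) routes whose network is not address AND netmask."""
    stale = []
    for net, _gw, flags, iface in parse_routes(route_text):
        if "G" in flags or iface not in interfaces:
            continue
        addr, mask = interfaces[iface]
        want = ipaddress.ip_interface(f"{addr}/{mask}").network
        if net != want:
            stale.append((iface, str(net), str(want)))
    return stale

def gateway_on_link(route_text, gateway, iface):
    """True if a connected route on iface covers gateway, as `route add ... gw` needs."""
    gw = ipaddress.ip_address(gateway)
    return any("G" not in flags and dev == iface and gw in net
               for net, _gw, flags, dev in parse_routes(route_text))

if __name__ == "__main__":
    for iface, got, want in stale_connected_routes(ROUTE_N, INTERFACES):
        print(f"{iface}: connected route {got}, expected {want}")
    print("202.7.92.29 on ipsec0:", gateway_on_link(ROUTE_N, "202.7.92.29", "ipsec0"))
```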
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:58 CEST