[strongSwan] error: no default route - cannot cope with %defaultroute!!!

James Martin jmartin at untangleappliances.com
Thu May 27 20:53:39 CEST 2010 

I am trying to integrate strongswan into another open source UTM called 
untangle. http://www.untangle.com
Untangle runs on debian lenny, so I was able to aptitude install 
strongswan and it installed along with ipsec-tools. The install did not 
prompt me with the blue questions page, but rather skipped all of that 
and made the certs on its own (apparently). I then get the error: no 
default route - cannot cope with %defaultroute!!!

This makes sense, since ip route shows the following:
172.16.0.0/24 dev eth1  proto kernel  scope link  src 172.16.0.1
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.175
172.16.1.0/24 dev eth2  proto kernel  scope link  src 172.16.1.1
192.0.2.0/24 dev dummy0  proto kernel  scope link  src 192.0.2.42
192.0.2.0/24 dev utun  proto kernel  scope link  src 192.0.2.43

eth0 is the default gateway. dummy0 and utun used by untangle for 
updates and the integrated openvpn ssl vpn server its already running.

I had read alot on the error, and my config file is as follows:
config setup
         # plutodebug=all
         # crlcheckinterval=600
         # strictcrlpolicy=yes
         # cachecrls=yes
         interfaces="ipsec0=eth0"
         nat_traversal=yes
         charonstart=yes
         plutostart=no

conn %default
         ikelifetime=60m
         keylife=20m
         rekeymargin=3m
         keyingtries=1
         authby=secret
         keyexchange=ikev2
         mobike=no

conn net-net
         left=192.168.1.175
         leftnexthop=192.168.1.1
         leftsubnet=172.16.0.0/24
         leftid=@moon.strongswan.org
         leftfirewall=yes
         right=8.19.101.8
         rightsubnet=10.2.0.0/16
         rightid=@sun.strongswan.org
         auto=add

running the command ipsec start generates:

Starting strongSwan 4.2.4 IPsec [starter]...
charon is already running (/var/run/charon.pid exists) -- skipping 
charon start
no default route - cannot cope with %defaultroute!!!
\starter is already running (/var/run/starter.pid exists) -- no fork done

I dont understand why its saying cannot cope with %defaultroute!!! since 
no where in the config does it specify %defaultroute

This is just a test bed, but if I can get strongswan to start correctly 
then I will put it on a live IP and connect it with a cloud server that 
is running strongswan to test.

I have installed it on 8.19.101.8 (cloud server, base debian) and it 
worked just fine. I know im throwing alot of info out there, hopefully 
someone can help. TIA

More information about the Users mailing list