<div dir="ltr">Hi,<div><br></div><div>Please can you add output of:</div><div>ip route show</div><div><div>ip route show table 220</div></div><div>ip xfrm state</div><div>ip a</div><div><br></div><div>Are you able to successfully do:</div><div>ip route add <a href="http://10.180.0.0/24" target="_blank" rel="nofollow">10.180.0.0/24</a> via 172.16.48.17<br></div><div>?</div><div><br></div><div>Miroslav</div><div><br>On Saturday, April 25, 2015 at 6:24:45 PM UTC+2, Bas van Dijk wrote:<blockquote class="gmail_quote" style="margin: 0;margin-left: 0.8ex;border-left: 1px #ccc solid;padding-left: 1ex;">Hello,
<br>
<br>I recently changed something in my network setup (I added an IP
<br>address to eth0) and now charon can't add the route to the rightsubnet
<br>(<a href="http://10.180.0.0/24" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.180.0.0%2F24\46sa\75D\46sntz\0751\46usg\75AFQjCNFWqCh0H4tGrJ3ywudOCv-E4pvlmg';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.180.0.0%2F24\46sa\75D\46sntz\0751\46usg\75AFQjCNFWqCh0H4tGrJ3ywudOCv-E4pvlmg';return true;">10.180.0.0/24</a>) anymore. This is the relevant log output from the KNL
<br>subsystem:
<br>
<br>getting a local address in traffic selector <a href="http://172.16.48.16/28" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.16.48.16%2F28\46sa\75D\46sntz\0751\46usg\75AFQjCNEIIl6PwcXJKR9BWy4j-IUZ3ZokLw';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F172.16.48.16%2F28\46sa\75D\46sntz\0751\46usg\75AFQjCNEIIl6PwcXJKR9BWy4j-IUZ3ZokLw';return true;">172.16.48.16/28</a>
<br>using host 172.16.48.17
<br>using 136.243.17.1 as nexthop to reach <a href="http://213.163.70.4/32" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F213.163.70.4%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHv02hMB56QtFOwNb5eGPcJ7xeHFg';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F213.163.70.4%2F32\46sa\75D\46sntz\0751\46usg\75AFQjCNHv02hMB56QtFOwNb5eGPcJ7xeHFg';return true;">213.163.70.4/32</a>
<br>136.243.25.108 is on interface eth0
<br>installing route: <a href="http://10.180.0.0/24" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.180.0.0%2F24\46sa\75D\46sntz\0751\46usg\75AFQjCNFWqCh0H4tGrJ3ywudOCv-E4pvlmg';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.180.0.0%2F24\46sa\75D\46sntz\0751\46usg\75AFQjCNFWqCh0H4tGrJ3ywudOCv-E4pvlmg';return true;">10.180.0.0/24</a> via 136.243.17.1 src 172.16.48.17 dev eth0
<br>getting iface index for eth0
<br>received netlink error: Network is unreachable (101)
<br>
<br>If I try to do add the route manually I get the same error:
<br>
<br># ip route add  <a href="http://10.180.0.0/24" target="_blank" rel="nofollow" onmousedown="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.180.0.0%2F24\46sa\75D\46sntz\0751\46usg\75AFQjCNFWqCh0H4tGrJ3ywudOCv-E4pvlmg';return true;" onclick="this.href='http://www.google.com/url?q\75http%3A%2F%2F10.180.0.0%2F24\46sa\75D\46sntz\0751\46usg\75AFQjCNFWqCh0H4tGrJ3ywudOCv-E4pvlmg';return true;">10.180.0.0/24</a> via 136.243.17.1 src 172.16.48.17 dev eth0
<br>RTNETLINK answers: Network is unreachable
<br>
<br>I don't completely understand the error message. What network is unreachable?
<br>
<br>Regards,
<br>
<br>Bas
<br>
<br>
<br>On 21 March 2015 at 12:21, Bas van Dijk <<a href="mailto:v.dijk.bas@gmail.com" target="_blank" rel="nofollow" onmousedown="this.href='mailto:v.dijk.bas@gmail.com';return true;" onclick="this.href='mailto:v.dijk.bas@gmail.com';return true;">v.dijk.bas@gmail.com</a>> wrote:
<br>> Hi Tobias,
<br>>
<br>> I added the address to `eth0` and now strongswan inserts the proper
<br>> route. So I think I'm all set!
<br>>
<br>> Thanks for your insightful help,
<br>>
<br>> Bas
<br>>
<br>> On 20 March 2015 at 18:54, Tobias Brunner <<a href="mailto:tobias@strongswan.org" target="_blank" rel="nofollow" onmousedown="this.href='mailto:tobias@strongswan.org';return true;" onclick="this.href='mailto:tobias@strongswan.org';return true;">tobias@strongswan.org</a>> wrote:
<br>>> Hi Bas,
<br>>>
<br>>>> My question now is to which interface should I attach 172.16.48.17?
<br>>>
<br>>> It doesn't really matter.  If you don't actually suffer from #197 [1],
<br>>> i.e. if you use strongSwan 5.0.1 or newer, you can add it to `lo`.
<br>>> Adding it to eth0 does work too, that's what strongSwan does by default
<br>>> when it installs virtual IPs it gets assigned dynamically from other
<br>>> peers [2].  Routers on the Internet won't route packets with that
<br>>> destination address to your host so it doesn't make much of a difference
<br>>> if you install it on an interface connected to it or not.
<br>>>
<br>>> Regards,
<br>>> Tobias
<br>>>
<br>>> [1] <a href="https://wiki.strongswan.org/issues/197" target="_blank" rel="nofollow" onmousedown="this.href='https://www.google.com/url?q\75https%3A%2F%2Fwiki.strongswan.org%2Fissues%2F197\46sa\75D\46sntz\0751\46usg\75AFQjCNEDiv7qblp0IUaSuOYMtvLt7ngU1g';return true;" onclick="this.href='https://www.google.com/url?q\75https%3A%2F%2Fwiki.strongswan.org%2Fissues%2F197\46sa\75D\46sntz\0751\46usg\75AFQjCNEDiv7qblp0IUaSuOYMtvLt7ngU1g';return true;">https://wiki.strongswan.org/<wbr>issues/197</a>
<br>>> [2] <a href="https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp" target="_blank" rel="nofollow" onmousedown="this.href='https://www.google.com/url?q\75https%3A%2F%2Fwiki.strongswan.org%2Fprojects%2Fstrongswan%2Fwiki%2FVirtualIp\46sa\75D\46sntz\0751\46usg\75AFQjCNFv7ZfM4fx6o3JyuGLLD2IXs_Tb1A';return true;" onclick="this.href='https://www.google.com/url?q\75https%3A%2F%2Fwiki.strongswan.org%2Fprojects%2Fstrongswan%2Fwiki%2FVirtualIp\46sa\75D\46sntz\0751\46usg\75AFQjCNFv7ZfM4fx6o3JyuGLLD2IXs_Tb1A';return true;">https://wiki.strongswan.org/<wbr>projects/strongswan/wiki/<wbr>VirtualIp</a>
<br>>>
<br>______________________________<wbr>_________________
<br>Users mailing list
<br><a href="mailto:Users@lists.strongswan.org" target="_blank" rel="nofollow" onmousedown="this.href='mailto:Users@lists.strongswan.org';return true;" onclick="this.href='mailto:Users@lists.strongswan.org';return true;">Users@lists.strongswan.org</a>
<br><a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank" rel="nofollow" onmousedown="this.href='https://www.google.com/url?q\75https%3A%2F%2Flists.strongswan.org%2Fmailman%2Flistinfo%2Fusers\46sa\75D\46sntz\0751\46usg\75AFQjCNHpb2EWexg7wtvkBUUWojs4DgFnHQ';return true;" onclick="this.href='https://www.google.com/url?q\75https%3A%2F%2Flists.strongswan.org%2Fmailman%2Flistinfo%2Fusers\46sa\75D\46sntz\0751\46usg\75AFQjCNHpb2EWexg7wtvkBUUWojs4DgFnHQ';return true;">https://lists.strongswan.org/<wbr>mailman/listinfo/users</a>
<br></blockquote></div></div>