[strongSwan] Strongswan 4.4.0 - routing problem from local system - possible PLUTO_NEXT_HOP wrong
Richter, Danny
drichter at srs-sys.de
Fri Aug 27 14:00:35 CEST 2010
Hello,
I've got a little problem, _updown could not update the route for the
local system:
pluto[6592]: "N_MD.N_HRO" #2: route-client output:
/usr/libexec/ipsec/_updown: doroute `sudo`sudo ip route add
192.168.105.0/24 via 87.234.28.218 dev ppp0 src 192.168.107.200 table
220 ' failed (RTNETLINK answers: Network is unreachable)
# VPN gateway connection N_MD.N_HRO
conn N_MD.N_HRO
    # Right (remote) MD
    right=87.234.xxx.218
    rightsubnet=192.168.105.0/24
    # Left (local) HRO
    left=87.173.75.186
    leftsubnet=192.168.107.0/24
    leftsourceip=192.168.107.200
    leftnexthop=217.0.117.3
    authby=secret
    auto=start
The system variables passed to _updown look like this:
PLUTO_CONNECTION=N_MD.N_HRO
PLUTO_INTERFACE=ppp0
PLUTO_ME=87.173.75.186
PLUTO_MY_CLIENT=192.168.107.0/24
PLUTO_MY_CLIENT_MASK=255.255.255.0
PLUTO_MY_CLIENT_NET=192.168.107.0
PLUTO_MY_ID=87.173.75.186
PLUTO_MY_PORT=0
PLUTO_MY_PROTOCOL=0
PLUTO_MY_SOURCEIP=192.168.107.200
PLUTO_NEXT_HOP=87.234.xxx.218 ????? wrong side ?????
PLUTO_PEER=87.234.xxx.218
PLUTO_PEER_CA=
PLUTO_PEER_CLIENT=192.168.105.0/24
PLUTO_PEER_CLIENT_MASK=255.255.255.0
PLUTO_PEER_CLIENT_NET=192.168.105.0
PLUTO_PEER_ID=87.234.xxx.218
PLUTO_PEER_PORT=0
PLUTO_PEER_PROTOCOL=0
PLUTO_REQID=16385
PLUTO_VERB=route-client
PLUTO_VERSION=1.1
Now I found out that PLUTO_NEXT_HOP is equivalent to PLUTO_PEER. Is
this right?
If I modify _updown to ignore the via x.x.x.x then it works without any
problem.
But why is PLUTO_NEXT_HOP not the leftnexthop=xx.xx.xx.xx or
leftnexthop=%defaultroute from my config?
Regards, Danny
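
Added example (not part of the original message and not the strongSwan _updown script): a shell sketch of the workaround described above, building the "ip route add" arguments from the PLUTO_* variables and leaving out "via" when PLUTO_NEXT_HOP equals PLUTO_PEER. The helper name build_route_args and the 203.0.113.218 peer address are assumptions; table 220, ppp0 and the subnets come from the message.

```shell
#!/bin/sh
# Added example, not the strongSwan _updown script.
# build_route_args is a hypothetical helper name.
# Table 220 is the routing table shown in the log line of the message.
ROUTE_TABLE=220

# Print the argument list for "ip route add", built from PLUTO_* variables.
# "via" is left out when PLUTO_NEXT_HOP is empty or equals PLUTO_PEER:
# a gateway that is not directly reachable on the interface makes
# "ip route add" fail with "RTNETLINK answers: Network is unreachable".
build_route_args() {
    args="$PLUTO_PEER_CLIENT"
    if [ -n "$PLUTO_NEXT_HOP" ] && [ "$PLUTO_NEXT_HOP" != "$PLUTO_PEER" ]; then
        args="$args via $PLUTO_NEXT_HOP"
    fi
    args="$args dev $PLUTO_INTERFACE"
    if [ -n "$PLUTO_MY_SOURCEIP" ]; then
        # Strip a possible /mask suffix from the source address.
        args="$args src ${PLUTO_MY_SOURCEIP%/*}"
    fi
    printf '%s table %s\n' "$args" "$ROUTE_TABLE"
}

# Dry run with constructed values modelled on the message.
# 203.0.113.218 is a documentation address standing in for the masked peer.
PLUTO_PEER_CLIENT=192.168.105.0/24
PLUTO_INTERFACE=ppp0
PLUTO_MY_SOURCEIP=192.168.107.200
PLUTO_PEER=203.0.113.218
PLUTO_NEXT_HOP=203.0.113.218

# Only prints the command; nothing is added to the routing table.
echo "ip route add $(build_route_args)"
```

With a next hop that differs from the peer, the "via" part is kept, so a gateway that really is on-link is still used.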