[strongSwan] route in table 220 disappears on external IP address change

Tobias Brunner tobias at strongswan.org
Fri Nov 4 11:10:46 CET 2011


Hi Mirko,

> During the IP update, this route was removed, but it was not restored
> by charon when the new IP appeared on the external interface.
> This made the tunnel SA unusable.  After restoring the route manually,
> the tunnel worked again.

In your log, this is the first time the route is installed:

Oct 28 13:42:30 moon charon: 16[KNL] getting a local address in traffic selector 10.1.0.0/16
Oct 28 13:42:30 moon charon: 16[KNL] using host 10.1.0.1
Oct 28 13:42:30 moon charon: 16[KNL] getting address to reach 192.168.0.2
Oct 28 13:42:30 moon charon: 16[KNL] getting interface name for 192.168.0.1
Oct 28 13:42:30 moon charon: 16[KNL] 192.168.0.1 is on interface eth0
Oct 28 13:42:30 moon charon: 16[KNL] installing route: 10.2.0.0/16 via 192.168.0.2 src 10.1.0.1 dev eth0

Now, this route is cached for the policy and it is not installed again
if it does not change.  The problem is that it doesn't.  You see, when
the external address changes, this is what happens when the route should
be installed again:

Oct 28 13:46:28 moon charon: 14[KNL] getting a local address in traffic selector 10.1.0.0/16
Oct 28 13:46:28 moon charon: 14[KNL] using host 10.1.0.1
Oct 28 13:46:28 moon charon: 14[KNL] getting address to reach 192.168.0.2
Oct 28 13:46:28 moon charon: 14[KNL] getting interface name for 192.168.0.11
Oct 28 13:46:28 moon charon: 14[KNL] 192.168.0.11 is on interface eth0

So the route to be installed now is
	10.2.0.0/16 via 192.168.0.2 src 10.1.0.1 dev eth0
and, well, that's exactly the route cached before.  So the kernel
interface doesn't bother installing it again.  I changed this now so
that a cached route is silently installed again (ignoring the result
in the process).

Regards,
Tobias
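
The cache behaviour described in the message above, as an added example that is not part of the original post and is not strongSwan code: a simplified model in which every type and function name is hypothetical and the kernel's table 220 is reduced to one flag. It replays the two route computations from the log, with and without re-installing a cached route.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Simplified model; all names are hypothetical, not strongSwan's. */
typedef struct { char dst[32], gateway[32], src[32], dev[16]; } route_t;
typedef struct {
    route_t cached; bool have_cached;   /* route remembered for the policy */
    bool in_kernel;                     /* stand-in for the entry in table 220 */
} model_t;

static bool route_equals(const route_t *a, const route_t *b)
{
    return !strcmp(a->dst, b->dst) && !strcmp(a->gateway, b->gateway) &&
           !strcmp(a->src, b->src) && !strcmp(a->dev, b->dev);
}

/* reinstall_cached == false: an unchanged cached route is skipped.
 * reinstall_cached == true:  it is installed again, result ignored. */
static bool install_policy_route(model_t *m, const route_t *r, bool reinstall_cached)
{
    if (m->have_cached && route_equals(&m->cached, r)) {
        if (reinstall_cached)
            m->in_kernel = true;        /* silent re-install */
        return m->in_kernel;
    }
    m->cached = *r;
    m->have_cached = true;
    m->in_kernel = true;                /* first install */
    return m->in_kernel;
}

/* Replays the log sequence; returns whether the route exists at the end. */
static bool replay(bool reinstall_cached)
{
    model_t m = {0};
    route_t r = { "10.2.0.0/16", "192.168.0.2", "10.1.0.1", "eth0" };
    install_policy_route(&m, &r, reinstall_cached);  /* 13:42:30, local 192.168.0.1 */
    m.in_kernel = false;                /* route removed during the IP update */
    /* 13:46:28, local 192.168.0.11: dst, gateway, src and dev are unchanged */
    return install_policy_route(&m, &r, reinstall_cached);
}

int main(void)
{
    printf("skip cached: %d, reinstall cached: %d\n", replay(false), replay(true));
    return 0;
}
```

The local address (192.168.0.1 versus 192.168.0.11) is not one of the compared fields, which is why the second computation matches the cache even though the kernel no longer holds the route.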



