[strongSwan] Problem connecting to a Cisco Unity gateway

[Bas van Dijk]

Hello,

I recently changed something in my network setup (I added an IP
address to eth0) and now charon can't add the route to the rightsubnet
(10.180.0.0/24) anymore. This is the relevant log output from the KNL
subsystem:

getting a local address in traffic selector 172.16.48.16/28
using host 172.16.48.17
using 136.243.17.1 as nexthop to reach 213.163.70.4/32
136.243.25.108 is on interface eth0
installing route: 10.180.0.0/24 via 136.243.17.1 src 172.16.48.17 dev eth0
getting iface index for eth0
received netlink error: Network is unreachable (101)

If I try to do add the route manually I get the same error:

# ip route add  10.180.0.0/24 via 136.243.17.1 src 172.16.48.17 dev eth0
RTNETLINK answers: Network is unreachable

I don't completely understand the error message. What network is unreachable?

Regards,

Bas


On 21 March 2015 at 12:21, Bas van Dijk <v.dijk.bas at gmail.com> wrote:
> Hi Tobias,
>
> I added the address to `eth0` and now strongswan inserts the proper
> route. So I think I'm all set!
>
> Thanks for your insightful help,
>
> Bas
>
> On 20 March 2015 at 18:54, Tobias Brunner <tobias at strongswan.org> wrote:
>> Hi Bas,
>>
>>> My question now is to which interface should I attach 172.16.48.17?
>>
>> It doesn't really matter.  If you don't actually suffer from #197 [1],
>> i.e. if you use strongSwan 5.0.1 or newer, you can add it to `lo`.
>> Adding it to eth0 does work too, that's what strongSwan does by default
>> when it installs virtual IPs it gets assigned dynamically from other
>> peers [2].  Routers on the Internet won't route packets with that
>> destination address to your host so it doesn't make much of a difference
>> if you install it on an interface connected to it or not.
>>
>> Regards,
>> Tobias
>>
>> [1] https://wiki.strongswan.org/issues/197
>> [2] https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp
>>