[strongSwan] Problem connecting to a Cisco Unity gateway

Miroslav Svoboda goodmirek at goodmirek.cz
Sun Apr 26 08:26:59 CEST 2015 

Hi,

Please can you add output of:
ip route show
ip route show table 220
ip xfrm state
ip a

Are you able to successfully do:
ip route add 10.180.0.0/24 via 172.16.48.17
?

Miroslav

On Saturday, April 25, 2015 at 6:24:45 PM UTC+2, Bas van Dijk wrote:
>
> Hello, 
>
> I recently changed something in my network setup (I added an IP 
> address to eth0) and now charon can't add the route to the rightsubnet 
> (10.180.0.0/24) anymore. This is the relevant log output from the KNL 
> subsystem: 
>
> getting a local address in traffic selector 172.16.48.16/28 
> using host 172.16.48.17 
> using 136.243.17.1 as nexthop to reach 213.163.70.4/32 
> 136.243.25.108 is on interface eth0 
> installing route: 10.180.0.0/24 via 136.243.17.1 src 172.16.48.17 dev 
> eth0 
> getting iface index for eth0 
> received netlink error: Network is unreachable (101) 
>
> If I try to do add the route manually I get the same error: 
>
> # ip route add  10.180.0.0/24 via 136.243.17.1 src 172.16.48.17 dev eth0 
> RTNETLINK answers: Network is unreachable 
>
> I don't completely understand the error message. What network is 
> unreachable? 
>
> Regards, 
>
> Bas 
>
>
> On 21 March 2015 at 12:21, Bas van Dijk <v.dijk.bas at gmail.com> wrote: 
> > Hi Tobias, 
> > 
> > I added the address to `eth0` and now strongswan inserts the proper 
> > route. So I think I'm all set! 
> > 
> > Thanks for your insightful help, 
> > 
> > Bas 
> > 
> > On 20 March 2015 at 18:54, Tobias Brunner <tobias at strongswan.org> 
> wrote: 
> >> Hi Bas, 
> >> 
> >>> My question now is to which interface should I attach 172.16.48.17? 
> >> 
> >> It doesn't really matter.  If you don't actually suffer from #197 [1], 
> >> i.e. if you use strongSwan 5.0.1 or newer, you can add it to `lo`. 
> >> Adding it to eth0 does work too, that's what strongSwan does by default 
> >> when it installs virtual IPs it gets assigned dynamically from other 
> >> peers [2].  Routers on the Internet won't route packets with that 
> >> destination address to your host so it doesn't make much of a 
> difference 
> >> if you install it on an interface connected to it or not. 
> >> 
> >> Regards, 
> >> Tobias 
> >> 
> >> [1] https://wiki.strongswan.org/issues/197 
> >> [2] https://wiki.strongswan.org/projects/strongswan/wiki/VirtualIp 
> >> 
> _______________________________________________ 
> Users mailing list 
> Users at lists.strongswan.org 
> https://lists.strongswan.org/mailman/listinfo/users 
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20150425/486e8450/attachment-0001.html>

More information about the Users mailing list