[strongSwan] Problem connecting to a Cisco Unity gateway

[Bas van Dijk]

On 26 April 2015 at 23:46, Miroslav Svoboda <goodmirek at goodmirek.cz> wrote:
> Huh, it is a bit complicated.
> Routing table 220 empty... is not good most probably, but cannot help to fix
> it.

Routing table 220 is probably empty because strongswan fails to add a
route to it because of the "Network is unreachable (101)" error. Which
is the same error I get when I try to add the route manually.

> I would need to see configuration and packet dump to understand what packets
> go from where to there.

My network configuration boils down to the following sequence of commands:

ip link set "eth0" up

ip addr add "136.243.25.125/32" dev "eth0"
ip addr add "136.243.25.108/32" dev "eth0"
ip addr add "172.16.48.17/28" dev "eth0"
ip addr add "136.243.17.41/26" dev "eth0"

ip route add default via "136.243.17.1"

ip -6 addr add '2a01:4f8:211:2aa8::/64' dev 'eth0'
ip -4 route change '136.243.17.0/26' via '136.243.17.1' dev 'eth0'
ip -6 route add default via 'fe80::1' dev eth0

I'll look into making a packet dump.

> Anyway, it looks strange to me to route traffic into my own physical segment
> via gateway: 136.243.17.0/26 via 136.243.17.1 dev eth0
> But it will probably not help you.

I'm running my machine in a Hetzner data center where it's required to
route all traffic (including traffic to my own subnet) to the gateway.
(See: http://wiki.hetzner.de/index.php/Netzkonfiguration_Debian/en)

I also tried deleting that route and trying again but I got the same error:

# ip route del 136.243.17.0/26 via 136.243.17.1 dev eth0
# ip route add  10.180.0.0/24 via 136.243.17.1 src 172.16.48.17 dev eth0
RTNETLINK answers: Network is unreachable

> Did you try to use lo:0 instead of eth0 for all you "loopback" addresses?

Adding it to "lo" yields the same error:

# ip addr add 172.16.48.17/28 dev lo
# ip route add 10.180.0.0/24 via 136.243.17.1 src 172.16.48.17 dev eth0
RTNETLINK answers: Network is unreachable

Cheers,

Bas