[strongSwan] Issue with network unreachable.
Dees
motosingh at yahoo.co.uk
Wed Oct 19 00:21:06 CEST 2016
Hi all,
We are having this issue with route addition. Eth3 is a loopback interface. Any clues why?

Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] getting SPI for reqid {1}
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] got SPI cdde868a for reqid {1}
Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] selecting traffic selectors for us:
Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] config: 0.0.0.0/0, received: 0.0.0.0/0 => match: 0.0.0.0/0
Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] selecting traffic selectors for other:
Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] config: 100.120.120.1/32, received: 0.0.0.0/0 => match: 100.120.120.1/32
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding SAD entry with SPI cdde868a and reqid {1} (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using encryption algorithm AES_CBC with key size 128
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using replay window of 32 packets
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding SAD entry with SPI c832aca7 and reqid {1} (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using encryption algorithm AES_CBC with key size 128
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using replay window of 32 packets
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding policy 0.0.0.0/0 === 100.120.120.1/32 out (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding policy 100.120.120.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding policy 100.120.120.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] getting a local address in traffic selector 0.0.0.0/0
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using host %any
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using 10.0.10.1 as nexthop to reach 173.38.168.235
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] 128.107.252.138 is on interface eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] installing route: 100.120.120.1/32 via 10.0.10.1 src %any dev eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] getting iface index for eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] received netlink error: Network is unreachable (101)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] unable to install source route for %any
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] policy 0.0.0.0/0 === 100.120.120.1/32 out (mark 0/0x00000000) already exists, increasing refcount
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] updating policy 0.0.0.0/0 === 100.120.120.1/32 out (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] policy 100.120.120.1/32 === 0.0.0.0/0 in (mark 0/0x00000000) already exists, increasing refcount
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] updating policy 100.120.120.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] policy 100.120.120.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000) already exists, increasing refcount
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] updating policy 100.120.120.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] getting a local address in traffic selector 0.0.0.0/0
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using host %any
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using 10.0.10.1 as nexthop to reach 173.38.168.235
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] 128.107.252.138 is on interface eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] installing route: 100.120.120.1/32 via 10.0.10.1 src %any dev eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] getting iface index for eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] received netlink error: Network is unreachable (101)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] unable to install source route for %any
Oct 18 14:26:46 ubuntu-28 charon: 07[IKE] CHILD_SA certs-only{1} established with SPIs cdde868a_i c832aca7_o and TS 0.0.0.0/0 === 100.120.120.1/32
O^C
root@ubuntu-28:/etc# show ip address
The program 'show' is currently not installed. You can install it by typing:
apt-get install nmh
root@ubuntu-28:/etc# ip addres show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether b8:38:61:7c:24:9e brd ff:ff:ff:ff:ff:ff
    inet 10.0.10.28/24 brd 10.0.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:420:81:ff99:ba38:61ff:fe7c:249e/64 scope global dynamic
       valid_lft 2591962sec preferred_lft 604762sec
    inet6 fe80::ba38:61ff:fe7c:249e/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
    link/ether b8:38:61:7c:24:9f brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::ba38:61ff:fe7c:249f/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether b8:38:61:7c:24:a0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ba38:61ff:fe7c:24a0/64 scope link
       valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether b8:38:61:7c:24:a1 brd ff:ff:ff:ff:ff:ff
    inet 128.107.252.138/32 brd 128.107.252.138 scope global eth3
       valid_lft forever preferred_lft forever
    inet6 fe80::ba38:61ff:fe7c:24a1/64 scope link
       valid_lft forever preferred_lft forever
6: eth1.11@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether b8:38:61:7c:24:9f brd ff:ff:ff:ff:ff:ff
    inet 10.11.0.2/21 brd 10.11.7.255 scope global eth1.11
       valid_lft forever preferred_lft forever
    inet6 fe80::ba38:61ff:fe7c:249f/64 scope link
       valid_lft forever preferred_lft forever
7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 9a:3c:ae:a4:ab:77 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
root@ubuntu-28:/etc# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.10.1       0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.0.10.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.0.20.0       10.0.10.1       255.255.255.0   UG        0 0          0 eth0
10.11.0.0       0.0.0.0         255.255.248.0   U         0 0          0 eth1.11
100.120.120.5   10.0.10.1       255.255.255.255 UGH       0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth3
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0

ipsec.conf

conn %default
    rekey=no
    ikelifetime=25m
    keylife=0
    rekeymargin=2m
    rekeyfuzz=0%
    keyingtries=1
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=270
    mobike=no

conn certs-only
    left=testcert.com
    leftcert=testcert.cer
    leftid=@testcert.com
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    ike=aes128-sha1-modp1024!
    esp=aes128-sha1!
    leftauth=rsasig
    rightauth=rsasig
    rightid=%any
    rightsourceip=100.120.120.0/24
    auto=add
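
An added diagnostic example, not part of the original post and not strongSwan code: Linux answers a gateway route with "Network is unreachable" when the gateway is not directly connected on the device named in the route, so this script checks that condition for the `installing route` line against the `netstat -rn` table quoted in the post. The function names are hypothetical, and the log lines are copied from the post with the syslog prefix trimmed.

```python
import ipaddress
import re

# Lines copied from the charon log and `netstat -rn` output in the post.
CHARON_LOG = """\
07[KNL] using 10.0.10.1 as nexthop to reach 173.38.168.235
07[KNL] 128.107.252.138 is on interface eth3
07[KNL] installing route: 100.120.120.1/32 via 10.0.10.1 src %any dev eth3
07[KNL] received netlink error: Network is unreachable (101)
"""
NETSTAT_RN = """\
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 10.0.10.1 0.0.0.0 UG 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.0.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.20.0 10.0.10.1 255.255.255.0 UG 0 0 0 eth0
10.11.0.0 0.0.0.0 255.255.248.0 U 0 0 0 eth1.11
100.120.120.5 10.0.10.1 255.255.255.255 UGH 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth3
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
"""
ROUTE_RE = re.compile(r"installing route: (\S+) via (\S+) src (\S+) dev (\S+)")

def connected_networks(netstat_output):
    """Map interface -> directly connected prefixes (Gateway column 0.0.0.0)."""
    nets = {}
    for line in netstat_output.splitlines():
        cols = line.split()
        if len(cols) != 8 or cols[1] != "0.0.0.0":
            continue  # header, gateway routes and malformed rows
        nets.setdefault(cols[7], []).append(
            ipaddress.ip_network(f"{cols[0]}/{cols[2]}"))
    return nets

def check_routes(charon_log, nets):
    """For each route charon tried to install, report where its gateway is on-link."""
    findings = []
    for dest, gw, _src, dev in ROUTE_RE.findall(charon_log):
        gw_ip = ipaddress.ip_address(gw)
        onlink = sorted(d for d, ns in nets.items() if any(gw_ip in n for n in ns))
        findings.append({"dest": dest, "gateway": gw, "dev": dev,
                         "gateway_onlink_on": onlink, "installable": dev in onlink})
    return findings

if __name__ == "__main__":
    for f in check_routes(CHARON_LOG, connected_networks(NETSTAT_RN)):
        print(f"{f['dest']} via {f['gateway']} dev {f['dev']}: gateway is on-link "
              f"on {f['gateway_onlink_on']}, installable={f['installable']}")
```

On the data from the post, the gateway 10.0.10.1 is connected only through eth0, while the route names eth3.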