[strongSwan] Unable to install source route on dual WAN

Branislav Bozgai brano at tekux.com
Wed Jun 21 15:02:59 CEST 2017 

Hi.

I'm running Ubiquiti EdgeRouter 1.9.7-beta1 that is running strongSwan
5.2.2, Linux 3.10.14-UBNT, mips.

In dual-wan environment where pppoe0 is primary WAN and eth2 is fail-over
only WAN  the system won't populate table 220. Not sure why, below are some
relevant config and log pieces.

Any help/direction appreciated. Thank you

---
charon.log
Jun 20 22:11:36 00[DMN] Starting IKE charon daemon (strongSwan 5.2.2, Linux
3.10.14-UBNT, mips)
Jun 20 22:11:37 00[KNL] known interfaces and IP addresses:
Jun 20 22:11:37 00[KNL]   lo
Jun 20 22:11:37 00[KNL]     127.0.0.1
Jun 20 22:11:37 00[KNL]     ::1
Jun 20 22:11:37 00[KNL]   switch0
Jun 20 22:11:37 00[KNL]     fe80::822a:a8ff:fe1f:7c36
Jun 20 22:11:37 00[KNL]   imq0
Jun 20 22:11:37 00[KNL]   eth0
Jun 20 22:11:37 00[KNL]     fe80::822a:a8ff:fe1f:7c30
Jun 20 22:11:37 00[KNL]   eth1
Jun 20 22:11:37 00[KNL]     10.10.8.1
Jun 20 22:11:37 00[KNL]     fe80::822a:a8ff:fe1f:7c31
Jun 20 22:11:37 00[KNL]   eth2
Jun 20 22:11:37 00[KNL]     172.16.16.1
Jun 20 22:11:37 00[KNL]     fe80::822a:a8ff:fe1f:7c32
Jun 20 22:11:37 00[KNL]   eth3
Jun 20 22:11:37 00[KNL]   eth4
Jun 20 22:11:37 00[KNL]     192.168.250.1
Jun 20 22:11:37 00[KNL]   eth5
Jun 20 22:11:37 00[KNL]   eth0.2
Jun 20 22:11:37 00[KNL]     10.10.11.1
Jun 20 22:11:37 00[KNL]     fe80::822a:a8ff:fe1f:7c30
Jun 20 22:11:37 00[KNL]   eth0.1
Jun 20 22:11:37 00[KNL]     10.10.10.1
Jun 20 22:11:37 00[KNL]     fe80::822a:a8ff:fe1f:7c30
Jun 20 22:11:37 00[KNL]   vtun0
Jun 20 22:11:37 00[KNL]     10.10.254.1
Jun 20 22:11:37 00[KNL]   pppoe0
Jun 20 22:11:37 00[KNL]     23.91.155.88
Jun 20 22:11:41 09[KNL] 212.89.228.31 is not a local address or the
interface is down
Jun 20 22:11:41 11[KNL] using 23.91.155.88 as address to reach
212.89.228.31/32
Jun 20 22:11:41 11[KNL] adding policy 10.10.10.0/24 === 10.0.0.0/24 out
 (mark 0/0x00000000)
Jun 20 22:11:41 11[KNL] adding policy 10.0.0.0/24 === 10.10.10.0/24 in
 (mark 0/0x00000000)
Jun 20 22:11:41 11[KNL] adding policy 10.0.0.0/24 === 10.10.10.0/24 fwd
 (mark 0/0x00000000)
Jun 20 22:11:41 11[KNL] getting a local address in traffic selector
10.10.10.0/24
Jun 20 22:11:41 11[KNL] using host 10.10.10.1
Jun 20 22:11:41 11[KNL] using 212.89.228.31 as nexthop to reach
212.89.228.31/32
Jun 20 22:11:41 11[KNL] 23.91.155.88 is on interface pppoe0
Jun 20 22:11:41 11[KNL] installing route: 10.0.0.0/24 via 212.89.228.31 src
10.10.10.1 dev pppoe0
Jun 20 22:11:41 11[KNL] getting iface index for pppoe0
Jun 20 22:11:41 11[KNL] unable to install source route for 10.10.10.1
---

# ip route
0.0.0.0/24 dev vtun0  proto kernel  scope link
default dev pppoe0  proto zebra
10.8.0.0/24 via 172.16.16.3 dev eth2  proto zebra
10.10.8.0/24 dev eth1  proto kernel  scope link  src 10.10.8.1
10.10.10.0/24 dev eth0.1  proto kernel  scope link  src 10.10.10.1
10.10.11.0/24 dev eth0.2  proto kernel  scope link  src 10.10.11.1
10.10.254.0/24 dev vtun0  proto kernel  scope link  src 10.10.254.1
23.91.155.88 dev pppoe0  proto kernel  scope link
135.23.39.0/24 via 172.16.16.3 dev eth2  proto zebra


172.16.16.0/24 dev eth2  proto kernel  scope link  src 172.16.16.1


172.17.0.0/16 via 172.16.16.3 dev eth2  proto zebra


192.168.1.0/24 via 172.16.16.5 dev eth2  proto zebra


192.168.32.0/24 via 172.16.16.3 dev eth2  proto zebra


192.168.33.0/24 via 172.16.16.3 dev eth2  proto zebra


192.168.250.0/24 dev eth4  proto kernel  scope link  src 192.168.250.1


206.248.155.244 dev pppoe0  proto kernel  scope link  src 23.91.155.88

My load-balancing wan specific tables are 201 and 202
# ip rule
0:      from all lookup local
201:    from all fwmark 0x64800000/0x7f800000 lookup 201
202:    from all fwmark 0x65000000/0x7f800000 lookup 202
220:    not from all fwmark 0xffffffff lookup 220
254:    from all fwmark 0x7f000000/0x7f800000 lookup main
32766:  from all lookup main
32767:  from all lookup default

# ip route list table 201
0.0.0.0/24 dev vtun0  scope link
default via 172.16.16.3 dev eth2
blackhole default  metric 256
10.10.8.0/24 dev eth1  scope link
10.10.10.0/24 dev eth0.1  scope link
10.10.11.0/24 dev eth0.2  scope link
10.10.254.0/24 dev vtun0  scope link
23.91.155.88 dev pppoe0  scope link
127.0.0.0/8 dev lo  scope link
172.16.16.0/24 dev eth2  scope link
206.248.155.244 dev pppoe0  scope link

# ip route list table 202
0.0.0.0/24 dev vtun0  scope link
default dev pppoe0  scope link
blackhole default  metric 256
10.10.8.0/24 dev eth1  scope link
10.10.10.0/24 dev eth0.1  scope link
10.10.11.0/24 dev eth0.2  scope link
10.10.254.0/24 dev vtun0  scope link
23.91.155.88 dev pppoe0  scope link
127.0.0.0/8 dev lo  scope link
172.16.16.0/24 dev eth2  scope link
206.248.155.244 dev pppoe0  scope link

# ifconfig pppoe0
pppoe0    Link encap:Point-to-Point Protocol
         inet addr:23.91.155.88  P-t-P:206.248.155.244
 Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
         RX packets:18322883 errors:0 dropped:0 overruns:0 frame:0
         TX packets:26636643 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100
         RX bytes:6601840681 (6.1 GiB)  TX bytes:33442132686 (31.1 GiB)

# ifconfig eth2
eth2      Link encap:Ethernet  HWaddr 80:2a:a8:1f:7c:32
         inet addr:172.16.16.1  Bcast:172.16.16.255  Mask:255.255.255.0
         inet6 addr: fe80::822a:a8ff:fe1f:7c32/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:3680666 errors:0 dropped:6596 overruns:0 frame:0
         TX packets:6714323 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:299818848 (285.9 MiB)  TX bytes:9448033589 (8.7 GiB)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170621/ea67e93e/attachment-0001.html>

More information about the Users mailing list