Hi all,
We are having this issue with route addition. Eth3 is a loopback interface. Any
clues why?

Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] selected proposal: ESP:AES_CBC_128/HMAC_SHA1_96/NO_EXT_SEQ
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] getting SPI for reqid {1}
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] got SPI cdde868a for reqid {1}
Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] selecting traffic selectors for us:
Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] config: 0.0.0.0/0, received: 0.0.0.0/0 => match: 0.0.0.0/0
Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] selecting traffic selectors for other:
Oct 18 14:26:46 ubuntu-28 charon: 07[CFG] config: 100.120.120.1/32, received: 0.0.0.0/0 => match: 100.120.120.1/32
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding SAD entry with SPI cdde868a and reqid {1} (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using encryption algorithm AES_CBC with key size 128
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using replay window of 32 packets
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding SAD entry with SPI c832aca7 and reqid {1} (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using encryption algorithm AES_CBC with key size 128
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using integrity algorithm HMAC_SHA1_96 with key size 160
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using replay window of 32 packets
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding policy 0.0.0.0/0 === 100.120.120.1/32 out (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding policy 100.120.120.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] adding policy 100.120.120.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] getting a local address in traffic selector 0.0.0.0/0
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using host %any
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using 10.0.10.1 as nexthop to reach 173.38.168.235
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] 128.107.252.138 is on interface eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] installing route: 100.120.120.1/32 via 10.0.10.1 src %any dev eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] getting iface index for eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] received netlink error: Network is unreachable (101)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] unable to install source route for %any
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] policy 0.0.0.0/0 === 100.120.120.1/32 out (mark 0/0x00000000) already exists, increasing refcount
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] updating policy 0.0.0.0/0 === 100.120.120.1/32 out (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] policy 100.120.120.1/32 === 0.0.0.0/0 in (mark 0/0x00000000) already exists, increasing refcount
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] updating policy 100.120.120.1/32 === 0.0.0.0/0 in (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] policy 100.120.120.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000) already exists, increasing refcount
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] updating policy 100.120.120.1/32 === 0.0.0.0/0 fwd (mark 0/0x00000000)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] getting a local address in traffic selector 0.0.0.0/0
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using host %any
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] using 10.0.10.1 as nexthop to reach 173.38.168.235
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] 128.107.252.138 is on interface eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] installing route: 100.120.120.1/32 via 10.0.10.1 src %any dev eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] getting iface index for eth3
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] received netlink error: Network is unreachable (101)
Oct 18 14:26:46 ubuntu-28 charon: 07[KNL] unable to install source route for %any
Oct 18 14:26:46 ubuntu-28 charon: 07[IKE] CHILD_SA certs-only{1} established with SPIs cdde868a_i c832aca7_o and TS 0.0.0.0/0 === 100.120.120.1/32
O^C

root@ubuntu-28:/etc# show ip address
The program 'show' is currently not installed. You can install it by typing:
apt-get install nmh
root@ubuntu-28:/etc# ip addres show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether b8:38:61:7c:24:9e brd ff:ff:ff:ff:ff:ff
    inet 10.0.10.28/24 brd 10.0.10.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2001:420:81:ff99:ba38:61ff:fe7c:249e/64 scope global dynamic
       valid_lft 2591962sec preferred_lft 604762sec
    inet6 fe80::ba38:61ff:fe7c:249e/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
    link/ether b8:38:61:7c:24:9f brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::ba38:61ff:fe7c:249f/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether b8:38:61:7c:24:a0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ba38:61ff:fe7c:24a0/64 scope link
       valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether b8:38:61:7c:24:a1 brd ff:ff:ff:ff:ff:ff
    inet 128.107.252.138/32 brd 128.107.252.138 scope global eth3
       valid_lft forever preferred_lft forever
    inet6 fe80::ba38:61ff:fe7c:24a1/64 scope link
       valid_lft forever preferred_lft forever
6: eth1.11@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether b8:38:61:7c:24:9f brd ff:ff:ff:ff:ff:ff
    inet 10.11.0.2/21 brd 10.11.7.255 scope global eth1.11
       valid_lft forever preferred_lft forever
    inet6 fe80::ba38:61ff:fe7c:249f/64 scope link
       valid_lft forever preferred_lft forever
7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 9a:3c:ae:a4:ab:77 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
root@ubuntu-28:/etc# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.0.10.1       0.0.0.0         UG        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.0.10.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.0.20.0       10.0.10.1       255.255.255.0   UG        0 0          0 eth0
10.11.0.0       0.0.0.0         255.255.248.0   U         0 0          0 eth1.11
100.120.120.5   10.0.10.1       255.255.255.255 UGH       0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth3
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0

ipsec.conf

conn %default
    rekey=no
    ikelifetime=25m
    keylife=0
    rekeymargin=2m
    rekeyfuzz=0%
    keyingtries=1
    keyexchange=ikev2
    dpdaction=clear
    dpddelay=270
    mobike=no

conn certs-only
    left=testcert.com
    leftcert=testcert.cer
    leftid=@testcert.com
    leftsubnet=0.0.0.0/0
    leftfirewall=yes
    ike=aes128-sha1-modp1024!
    esp=aes128-sha1!
    leftauth=rsasig
    rightauth=rsasig
    rightid=%any
    rightsourceip=100.120.120.0/24
    auto=add