On Fri, 12 Dec 2014, Elison Niven wrote:
> Subject: [Swan] Error "cannot install eroute" when rekey/reconnect from the same IP (for L2TP)
>
> Is this fixed now?
> https://lists.openswan.org/pipermail/users/2010-April/018685.html
I changed this test case:
https://github.com/libreswan/libreswan/tree/master/testing/pluto/l2tp-02-netkey
to simulate your scenario using:
ipsec auto --up north-east-l2tp
echo "c server" > /var/run/xl2tpd/l2tp-control
sleep 5
ipsec look
: ==== cut ====
cat /tmp/xl2tpd.log
: ==== tuc ====
ping -c 4 -n 192.0.2.254
# testing passthrough plaintext
echo quit | nc 192.0.2.254 22
ip addr show dev ppp0
sleep 5
echo "d server" > /var/run/xl2tpd/l2tp-control
ipsec auto --down north-east-l2tp
sleep 5
ipsec auto --up north-east-l2tp
echo "c server" > /var/run/xl2tpd/l2tp-control
sleep 5
ipsec look
echo done
This worked fine. Both the first IPsec and PPP and the second IPsec and
PPP came up successfully. Since it uses RSA, I then modified it to use
PSK. But it still worked.
Is there a chance you can try and test this with libreswan-3.12?
Paul
I'm not sure if that fully reproduced your
connection from behind NAT? This connection used RSA, not PSK.
_______________________________________________
Swan mailing list
https://lists.libreswan.org/mailman/listinfo/swan