Hi,
On 26/09/2016 6:13 AM, Tuomo Soini wrote:
On Mon, 19 Sep 2016 21:50:55 +1000
Reuben Farrelly <[email protected]> wrote:
Hi,
I've been experimenting today with Vti based configuration and run
into a few problems.
The libreswan config looks like this:
conn router-2.reub.net
left=139.162.51.249
[email protected]
leftsubnet=0.0.0.0/0
leftsourceip=192.168.6.1
^^^^^^^^^^^^^^^^^^^^^^^^
Here is your config error. That always causes routing. So
vti-routing=no below is ignored because sourceip functionality doesn't
work at all without routing which forces routing.
Unfortunately this hasn't fixed the problem with the 0.0.0.0/1 routes
being added.
Still seeing this:
lightning ~ # ip route
0.0.0.0/1 dev vti-1 scope link mtu 1438
default via 139.162.51.1 dev eth0 metric 3
127.0.0.0/8 dev lo scope host
127.0.0.0/8 via 127.0.0.1 dev lo
128.0.0.0/1 dev vti-1 scope link mtu 1438
139.162.51.0/24 dev eth0 proto kernel scope link src 139.162.51.249
192.168.6.0/30 dev vti-1 proto kernel scope link src 192.168.6.1
lightning ~ #
This is my config, which now does not have the leftsourceip specified
anywhere:
conn router-2.reub.net
left=139.162.51.249
[email protected]
leftsubnet=0.0.0.0/0
right=%any
[email protected]
rightsubnet=0.0.0.0/0
authby=secret
ikev2=insist
ikelifetime=86400s
salifetime=3600s
ike=aes256-sha1;modp1536
phase2alg=aes128-sha1;modp1536
mtu=1438
dpddelay=15
dpdtimeout=45
dpdaction=clear
auto=add
mark=12/0xffffff
vti-interface=vti-1
leftvti=192.168.6.1/30
This of course completely cuts off access via the non-VTI interface to
the box.
With or without vti-routing=no specified I still see the same problem,
i.e. the 0.0.0.0/1 route and 127.0.0.0/1 route added.
Reuben
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
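A small diagnostic for the symptom in this thread, added here as an example and not part of the original mail or of libreswan: it parses `ip route` output and flags any interface that carries both 0.0.0.0/1 and 128.0.0.0/1, since those two halves are more specific than the real default route and therefore pull all traffic into the VTI. The sample routing table is constructed from the listing quoted above.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: the `ip route` listing quoted in the thread.
SAMPLE_ROUTES = """\
0.0.0.0/1 dev vti-1 scope link mtu 1438
default via 139.162.51.1 dev eth0 metric 3
127.0.0.0/8 dev lo scope host
127.0.0.0/8 via 127.0.0.1 dev lo
128.0.0.0/1 dev vti-1 scope link mtu 1438
139.162.51.0/24 dev eth0 proto kernel scope link src 139.162.51.249
192.168.6.0/30 dev vti-1 proto kernel scope link src 192.168.6.1
"""

HALVES = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}


def parse_routes(text):
    """Return (network, device) pairs from Linux `ip route` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        dev = fields[fields.index("dev") + 1] if "dev" in fields else None
        routes.append((ipaddress.ip_network(dst, strict=False), dev))
    return routes


def split_default_devices(routes):
    """Devices holding both /1 halves, i.e. an override of the default route."""
    per_dev = defaultdict(set)
    for net, dev in routes:
        if net.version == 4 and net.prefixlen == 1:
            per_dev[dev].add(net)
    return sorted(dev for dev, nets in per_dev.items() if nets == HALVES)


def default_device(routes):
    """Device of the real (prefixlen 0) default route, or None."""
    for net, dev in routes:
        if net.prefixlen == 0:
            return dev
    return None


def check(text):
    routes = parse_routes(text)
    return {"default_dev": default_device(routes),
            "split_default_via": split_default_devices(routes)}


if __name__ == "__main__":
    print(check(SAMPLE_ROUTES))
```

A non-empty `split_default_via` with a different `default_dev` is exactly the state described in the mail: the default still points at eth0, but every packet matches the more specific /1 routes on the VTI.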