Hello list,

I upgraded the libreswan packages to 3.25 from the Libreswan repositories, as there seemed to be a revamped _updown.netkey script in the package... but it still fails with a wrong route target while trying to route it.

Is this supposed to fail? Is the routing command really supposed to use PLUTO_NEXTHOP in a vti configuration? Because only the real interface sees PLUTO_NEXTHOP - the vti device uses PLUTO_PEER as PtP-Remote-IP. If the script used PLUTO_PEER instead, it might work?

Still confused...

Best Regards
Heiko

From: Swan <[email protected]> On Behalf Of Heiko Helmle
Sent: Friday, July 6, 2018 14:22
To: [email protected]
Subject: [Swan] vti - route script fails with wrong address

Hello Libreswan-Users,

I'm having trouble trying out vti-based tunnels. I'm using libreswan-3.23-5.el7_5.x86_64 - (from the CentOS repos).

Connection is roughly this:

Left = %defaultroute
leftsourceip, leftsubnet and rightsubnet are defined
Vti-interface and mark are defined.

Ipsec auto -add works, but Ipsec auto -route fails:

route-client output: /usr/libexec/ipsec/_updown.netkey: doroute "ip route replace (rightsubnet) via (defaultroute) dev (vti-interface) src (leftsourceip)" failed (RTNETLINK answers: Network is unreachable)

The script is trying to use the (real) interface's default route as a routing target on the vti device - and fails.

Could anyone point me where I'd have to look closer? Or is vti only supposed to work with left/rightsubnet set to 0.0.0.0?

Best Regards
Heiko
