Thanks, could you please file a bug. The code found next hop - look for please call again - but then really failed trying to find the local interface.
(Mumble something about ietf week) On Fri., Oct. 31, 2025, 1:24 p.m. Skye Dobson, <[email protected]> wrote: > > Sorry, I should have mentioned --debug, as in: > > ipsec showroute --debug 2404:9400:3:0:216:3eff:fee8:a03 > > and to run it before the connection establishes (even without pluto > running). > > > > It runs the code used to resolve %defaultroute. > > > > (there's also the undocumented debug=updown which runs the script with > -v -x.) > > > > It's sounding a lot like breakage in the %defaultroute code. > > --- > # ipsec showroute --debug 2404:9400:3:0:216:3eff:fee8:a03 > > | resolving family=IPv6 this=%defaultroute thisnexthop=%defaultroute > (peer) that=<address> > | seeking GATEWAY > | query GETROUTE+REQUEST+ROOT+MATCH > | add RTA_DST <unset-address> (peer->host.addr(ip)) > | opening non-blocking netlink socket > | sent 32 byte netlink message > | reading into 32768 byte buffer > | processing 2436 byte response > | parsing route entry (RTA payloads) > | RTA_TABLE=254 > | RTA_DST=::1 > | RTA_PRIORITY=256 > | RTA_PREF=0 > | using src=<unset-address> prefsrc=<unset-address> > gateway=<unset-address> dst=::1 dev='lo' priority=256 pref=0 table=254 > +cacheinfo > | parsing route entry (RTA payloads) > | RTA_TABLE=254 > | RTA_DST=2403:5805:3555:: > | RTA_PRIORITY=102 > | RTA_PREF=0 > | using src=<unset-address> prefsrc=<unset-address> > gateway=<unset-address> dst=2403:5805:3555:: dev='eth0' priority=102 > pref=0 table=254 +cacheinfo > | parsing route entry (RTA payloads) > | RTA_TABLE=254 > | RTA_DST=2403:5805:3555:10:: > | RTA_PRIORITY=101 > | RTA_PREF=0 > | using src=<unset-address> prefsrc=<unset-address> > gateway=<unset-address> dst=2403:5805:3555:10:: dev='eth1' priority=101 > pref=0 table=254 +cacheinfo > | parsing route entry (RTA payloads) > | RTA_TABLE=254 > | RTA_DST=fe80:: > | RTA_PRIORITY=1024 > | RTA_PREF=0 > | using src=<unset-address> prefsrc=<unset-address> > gateway=<unset-address> dst=fe80:: dev='eth1' priority=1024 pref=0 > table=254 +cacheinfo > | parsing route entry (RTA payloads) > | RTA_TABLE=254 > | RTA_DST=fe80:: > | RTA_PRIORITY=1024 > | RTA_PREF=0 > | using src=<unset-address> prefsrc=<unset-address> > gateway=<unset-address> dst=fe80:: dev='eth1.10' priority=1024 pref=0 > table=254 +cacheinfo > | parsing route entry (RTA payloads) > | RTA_TABLE=254 > | RTA_DST=fe80:: > | RTA_PRIORITY=1024 > | RTA_PREF=0 > | using src=<unset-address> prefsrc=<unset-address> > gateway=<unset-address> dst=fe80:: dev='eth0' priority=1024 pref=0 > table=254 +cacheinfo > | parsing route entry (RTA payloads) > | RTA_TABLE=254 > | RTA_PRIORITY=1024 > | RTA_GATEWAY=fe80::a691:b1ff:fed4:dc56 > | RTA_PREF=0 > | using src=<unset-address> prefsrc=<unset-address> > gateway=fe80::a691:b1ff:fed4:dc56 dst=<unset-address> dev='eth0' > priority=1024 pref=0 table=254 +cacheinfo > | found gateway(host_nexthop): fe80::a691:b1ff:fed4:dc56 > | reading into 32768 byte buffer > | processing 20 byte response > | DONE > | please-call-again this=%defaultroute > thisnexthop=fe80::a691:b1ff:fed4:dc56<address> > | resolving family=IPv6 this=%defaultroute > thisnexthop=fe80::a691:b1ff:fed4:dc56<address> (peer) that=<address> > | seeking PREFSRC > | query GETROUTE+REQUEST > | add RTA_DST <unset-address> (peer->host.addr(ip)) > | opening non-blocking netlink socket > | sent 32 byte netlink message > | reading into 32768 byte buffer > | processing 52 byte response > | ERROR > ipsec showroute: 2404:9400:3:0:216:3eff:fee8:a03: source failed > --- > > > >
_______________________________________________ Swan mailing list -- [email protected] To unsubscribe send an email to [email protected]
