Re: [strongSwan] net-to-net with one gateway behind NAT

Tue, 16 Nov 2010 14:55:38 -0800 

Hi Martin,
I tried it again with Strongswan 4.3.2 (same version as when I reported the 
issue originally) and I can't see the error anymore. The only difference is 
that now I build and install from source and before I was using a package from 
the Debian repository. Maybe, this is why you could not reproduce it.

Thanks for your help,
Alexis 

Nov 16 14:24:37 ECM charon: 11[KNL] getting a local address in traffic selector 
0.0.0.0/0
Nov 16 14:24:37 ECM charon: 11[KNL] using host %any
Nov 16 14:24:37 ECM charon: 11[KNL] getting address to reach 174.90.228.134
Nov 16 14:24:37 ECM charon: 11[KNL] getting interface name for 192.168.21.100
Nov 16 14:24:37 ECM charon: 11[KNL] 192.168.21.100 is on interface eth0
Nov 16 14:24:37 ECM charon: 11[KNL] installing route: 172.22.0.0/28 via 
192.168.21.20 src %any dev eth0
Nov 16 14:24:37 ECM charon: 11[KNL] getting iface index for eth0
Nov 16 14:24:37 ECM charon: 11[KNL] getting interface name for 192.168.21.100
Nov 16 14:24:37 ECM charon: 11[KNL] 192.168.21.100 is on interface eth0

~# ip route show table 220
172.22.0.0/28 via 192.168.21.20 dev eth0  proto static
# ip rule
0:      from all lookup local
220:    from all lookup 220
32766:  from all lookup main
32767:  from all lookup default


-----Original Message-----
From: Martin Willi [mailto:mar...@strongswan.org] 
Sent: November-11-10 1:04 AM
To: Alexis Salinas
Cc: users@lists.strongswan.org
Subject: Re: [strongSwan] net-to-net with one gateway behind NAT

Hi Alexis,

> getting a local address in traffic selector 0.0.0.0/0 using host %any 
> getting address to reach 174.90.242.85 getting interface name for 
> 192.168.21.100 192.168.21.100 is on interface eth0 getting iface index 
> for eth0 received netlink error: No such process (3) unable to install 
> source route for %any

Yes, I have seen this error once. But I was unable to reproduce or fix it. The 
daemon tries to install a source route for this policy, like:

  ip route add 172.22.0.0/28 via GATEWAY src 192.168.21.100 dev eth0

But the kernel does not like that route. Maybe the gateway lookup does not work 
correctly on your setup, hard to say.

Please apply the attached patch. It shows the complete route the daemon tries 
to install. Does that route makes sense for your setup?

Regards
Martin
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to