Greetings everyone,

Back in Dec 2009 Johannes RuBek wrote:

>Hello Guys,
>I've nailed the problem down to our second "wan" interface.
>We have two interfaces connected to the internet and therefore two
>default routes.
>eth4 which is connected via SDSL and ppp0 which is connected to ADSL.
>eth4 is the default route, ppp0 adds a default route to table 210, which
>is used for policy routes based on firewall marks.
>the ip on eth4 is what we have in left=.
>If I take down ppp0, strongswan installs source routes as expected.
>If ppp0 is there, strongswan gets the "Network is unreachable" error.
>I think strongswan might be confused by the two default gateways here..
>Is it possible that strongswan uses the wrong gateway as nexthop on the
>right interface?
>Do you have any suggestions for a case like that?

Two years later I am facing the exact same problem on Ubuntu 10.10 with Strongswan 4.5.1. Where do I go to report a bug in Strongswan?

Overview of the setup:

a.. Tunnel is between 192.168.1.0 and 192.168.2.0 subnets. Tunnel can only pass traffic one way, from 192.168.1.0 to 2.0 but not the other way around.
b.. 192.168.2.1 is the end with the problem. It has two WAN interfaces (call them 2.2.2.2 and 6.6.6.6). So ip route list table main shows two default routes. Also ip route list table 220 is empty.
c.. When charon tries to set up the route, it calls get_nexthop() for 2.2.2.2. The function returns gw of 6.6.6.6 instead of gateway for 2.2.2.2.
d.. Following that charon complains "received netlink error: no such process" and "unable to install source route for 192.168.2.1".
e.. If I use "ip route del" to remove default routes involving the second WAN interface, charon can install the route successfully and the tunnel passes traffic both ways.
f.. A minor detail: the route "default via 6.6.6.x dev eth2" appears twice, once in the main table and once in a user table. I have to delete both of them.

Below are the specifics and syslog.

syslog
==========
charon: 05[KNL] getting a local address in traffic selector 192.168.2.0/24
charon: 05[KNL] using host 192.168.2.1
charon: 05[KNL] getting address to reach 1.1.1.1
charon: 05[KNL] getting interface name for 2.2.2.2
charon: 05[KNL] 2.2.2.2 is on interface eth1
charon: 05[KNL] installing route: 192.168.1.0/24 via 6.6.6.254 src 192.168.2.1 dev eth1
charon: 05[KNL] getting iface index for eth1
charon: 05[KNL] received netlink error: No such process (3)
charon: 05[KNL] unable to install source route for 192.168.2.1

ipsec.conf
===========
config setup
    plutostart=no

conn %default
    mobike=no
    keyexchange=ikev2
    authby=secret
    type=tunnel
    leftsubnet=192.168.2.0/24
    left=2.2.2.2

conn net2net
    right=1.1.1.1
    rightsubnet=192.168.1.0/24
    auto=route

interfaces
===========
# The primary network interface
auto eth1
iface eth1 inet static
    address 2.2.2.2
    netmask 255.255.255.248
    broadcast 2.2.2.7
    metric 90
    gateway 2.2.2.1

auto eth1:1
iface eth1:1 inet static
    address 2.2.2.3
    netmask 255.255.255.248
    broadcast 2.2.2.7

# LAN interface
auto eth0
iface eth0 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    broadcast 192.168.2.255

# Extra interface 1
auto eth2
iface eth2 inet dhcp

ip route list table 220 is empty
================================
(expecting: 192.168.1.0/24 via 2.2.2.1 dev eth1 proto static src 192.168.2.1)

ip route list table main
========================
2.2.2.0/29 dev eth1 proto kernel scope link src 2.2.2.2
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.1
6.6.6.0/22 dev eth2 proto kernel scope link src 6.6.6.6
default via 2.2.2.1 dev eth1 metric 90
default via 6.6.6.254 dev eth2 metric 100

extra info: there is another pair of default routes involving the two wan ports
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

ip rule list
=============
0: from all lookup local
220: from all lookup 220
10101: from 2.2.2.0/29 lookup wan1
10102: from 6.6.6.0/22 lookup wan2
32766: from all lookup main
32767: from all lookup default

ip route list table wan1
========================
default via 2.2.2.1 dev eth1

ip route list table wan2
========================
default via 6.6.6.254 dev eth2
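
Added example, not part of the original post and not strongSwan code: a Python check that takes the main-table output quoted above and tests whether the gateway of a proposed route, such as the one charon logged, is on-link on the named device. The function names are illustrative, and the parser assumes each route line is a destination followed by keyword/value pairs, as in this post.

```python
import ipaddress

# Copied from the "ip route list table main" output in the post above.
MAIN_TABLE = """\
2.2.2.0/29 dev eth1 proto kernel scope link src 2.2.2.2
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.1
6.6.6.0/22 dev eth2 proto kernel scope link src 6.6.6.6
default via 2.2.2.1 dev eth1 metric 90
default via 6.6.6.254 dev eth2 metric 100
"""

def parse_routes(text):
    """Parse `ip route list` lines: a destination, then keyword/value pairs.
    Assumption: no bare flags (onlink, linkdown), as in the post's output."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if tok:
            routes.append({"dst": tok[0], **dict(zip(tok[1::2], tok[2::2]))})
    return routes

def on_link_devs(routes, addr):
    """Devices whose connected (scope link) prefix contains addr."""
    ip = ipaddress.ip_address(addr)
    # strict=False: the post's placeholder 6.6.6.0/22 has host bits set.
    return {r["dev"] for r in routes if r.get("scope") == "link"
            and ip in ipaddress.ip_network(r["dst"], strict=False)}

def default_gateways(routes, dev):
    """Gateways of default routes bound to dev, lowest metric first."""
    cands = [r for r in routes if r["dst"] == "default" and r.get("dev") == dev]
    return [r["via"] for r in sorted(cands, key=lambda r: int(r.get("metric", 0)))]

def check_nexthop(routes, gateway, dev):
    """Return (ok, message) for a proposed route 'via <gateway> dev <dev>'."""
    devs = on_link_devs(routes, gateway)
    if dev in devs:
        return True, f"{gateway} is on-link on {dev}"
    where = ", ".join(sorted(devs)) or "no interface"
    return False, (f"{gateway} is on-link on {where}, not {dev}; "
                   f"default gateways on {dev}: {default_gateways(routes, dev)}")

if __name__ == "__main__":
    routes = parse_routes(MAIN_TABLE)
    # Route charon logged, then the route the poster expected in table 220.
    for gw in ("6.6.6.254", "2.2.2.1"):
        print(check_nexthop(routes, gw, "eth1"))
```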