[KNL] unable to install source route for 213.a.b.41
I have one computer/router with multiple interfaces.
The first interface is the wan connection (eth0) - x.y.z.16/24. The second interface (eth1) has a private network (192.168.XXX.0/24). The third interface (eth2) is connected to a network with 4 computers (a.b.c.40/29). The IP address for eth2 is a.b.c.41. The default gateway is x.y.z.1.
My ISP is routing everything for a.b.c.40/29 via x.y.z.16. But since there is a mail and a web server on this computer/router I need that outgoing IP address for locally generated packets to be a.b.c.41 not x.y.z.16.
Because of this I changed the default route this way:
ip route replace default via x.y.z.1 dev eth0 src a.b.c.41
So, the default route change from (ip r s):
default via x.y.z.1 dev eth0
default via x.y.z.1 dev eth0 src a.b.c.41
Everything works fine but ipsec give me the following warning:
charon: 00[KNL] unable to install source route for a.b.c.41
The full trace is here:
charon: 11[KNL] using host a.b.c.41 charon: 11[KNL] using x.y.z.1 as nexthop to reach 79.AA.BB.CC/32 charon: 11[KNL] a.b.c.41 is on interface eth2 charon: 11[KNL] installing route: 192.AA.BB.0/24 via x.y.z.1 src a.b.c.41 dev eth2 charon: 11[KNL] getting iface index for eth2 charon: 11[KNL] unable to install source route for a.b.c.41
The route does not seems correct for me. charon should say something like this:
charon: 11[KNL] installing route: 192.AA.BB.0/24 via x.y.z.1 src a.b.c.41 dev eth0
If I do not alter the default route there is no warning and the "dev eth2" become "dev eth0" (the correct interface).
Anyway, the ipsec tunnel seems to be up and running correctly in both cases.
Merge branch 'interface-for-routes'
Changes how the interface for routes installed with policies is
determined. In most cases we now use the interface over which we reach the
other peer, not the interface on which the local address (or the source IP) is
installed. However, that might be the same interface depending on the
configuration (i.e. in practice there will often not be a change).
Routes are not installed anymore for drop policies and for policies with
#2 Updated by Tobias Brunner about 4 years ago
- Description updated (diff)
- Category set to kernel-interface
- Status changed from New to Closed
- Assignee set to Tobias Brunner
- Target version set to 5.5.0
- Resolution set to Fixed
This is believed to be fixed. Please open a new ticket if you still find there is an issue.