Project

General

Profile

Bug #809

[KNL] unable to install source route for 213.a.b.41

Added by G. V. almost 6 years ago. Updated over 4 years ago.

Status:
Closed
Priority:
Normal
Category:
kernel-interface
Target version:
Start date:
29.12.2014
Due date:
Estimated time:
Affected version:
5.2.1
Resolution:
Fixed

Description

Hi!

I have one computer/router with multiple interfaces.
The first interface is the wan connection (eth0) - x.y.z.16/24. The second interface (eth1) has a private network (192.168.XXX.0/24). The third interface (eth2) is connected to a network with 4 computers (a.b.c.40/29). The IP address for eth2 is a.b.c.41. The default gateway is x.y.z.1.

My ISP is routing everything for a.b.c.40/29 via x.y.z.16. But since there is a mail and a web server on this computer/router I need that outgoing IP address for locally generated packets to be a.b.c.41 not x.y.z.16.
Because of this I changed the default route this way:
ip route replace default via x.y.z.1 dev eth0 src a.b.c.41

So, the default route change from (ip r s):
default via x.y.z.1 dev eth0
to:
default via x.y.z.1 dev eth0 src a.b.c.41

Everything works fine but ipsec give me the following warning:

charon: 00[KNL] unable to install source route for a.b.c.41

The full trace is here:

charon: 11[KNL] using host a.b.c.41                                                                                                                          
charon: 11[KNL] using x.y.z.1 as nexthop to reach 79.AA.BB.CC/32                                                                                            
charon: 11[KNL] a.b.c.41 is on interface eth2                                                                                                                
charon: 11[KNL] installing route: 192.AA.BB.0/24 via x.y.z.1 src a.b.c.41 dev eth2
charon: 11[KNL] getting iface index for eth2                                                                                                                       
charon: 11[KNL] unable to install source route for a.b.c.41

The route does not seems correct for me. charon should say something like this:

    charon: 11[KNL] installing route: 192.AA.BB.0/24 via x.y.z.1 src a.b.c.41 dev eth0

If I do not alter the default route there is no warning and the "dev eth2" become "dev eth0" (the correct interface).
Anyway, the ipsec tunnel seems to be up and running correctly in both cases.

Sincerely,
G.V.


Related issues

Related to Bug #824: kernel_netlink plugin decides on wrong interface for routeClosed17.01.2015

Associated revisions

Revision 96b1fab5
Added by Tobias Brunner over 4 years ago

Merge branch 'interface-for-routes'

Changes how the interface for routes installed with policies is
determined. In most cases we now use the interface over which we reach the
other peer, not the interface on which the local address (or the source IP) is
installed. However, that might be the same interface depending on the
configuration (i.e. in practice there will often not be a change).

Routes are not installed anymore for drop policies and for policies with
protocol/port selectors.

Fixes #809, #824, #1347.

History

#1 Updated by Tobias Brunner almost 6 years ago

  • Related to Bug #824: kernel_netlink plugin decides on wrong interface for route added

#2 Updated by Tobias Brunner over 4 years ago

  • Description updated (diff)
  • Category set to kernel-interface
  • Status changed from New to Closed
  • Assignee set to Tobias Brunner
  • Target version set to 5.5.0
  • Resolution set to Fixed

This is believed to be fixed. Please open a new ticket if you still find there is an issue.

Also available in: Atom PDF