Bug #809

Updated by Tobias Brunner over 4 years ago

Hi!

I have one computer/router with multiple interfaces.
The first interface is the wan connection (eth0) - x.y.z.16/24. The second interface (eth1) has a private network (192.168.XXX.0/24). The third interface (eth2) is connected to a network with 4 computers (a.b.c.40/29). The IP address for eth2 is a.b.c.41. The default gateway is x.y.z.1.

My ISP is routing everything for a.b.c.40/29 via x.y.z.16. But since there is a mail and a web server on this computer/router, I need the outgoing IP address for locally generated packets to be a.b.c.41, not x.y.z.16.
Because of this I changed the default route this way:
@ip route replace default via x.y.z.1 dev eth0 src a.b.c.41@

So, the default route changed from (ip r s):
@default via x.y.z.1 dev eth0@
to:
@default via x.y.z.1 dev eth0 src a.b.c.41@

Everything works fine, but ipsec gives me the following warning:
<pre>
charon: 00[KNL] unable to install source route for a.b.c.41
</pre>


The full trace is here:
<pre>
charon: 11[KNL] using host a.b.c.41
charon: 11[KNL] using x.y.z.1 as nexthop to reach 79.AA.BB.CC/32
charon: 11[KNL] a.b.c.41 is on interface eth2
charon: 11[KNL] installing route: 192.AA.BB.0/24 via x.y.z.1 src a.b.c.41 dev eth2
charon: 11[KNL] getting iface index for eth2
charon: 11[KNL] unable to install source route for a.b.c.41
</pre>


The route does not seem correct to me. charon should say something like this:
<pre>
charon: 11[KNL] installing route: 192.AA.BB.0/24 via x.y.z.1 src a.b.c.41 dev eth0
</pre>


If I do not alter the default route, there is no warning and the "dev eth2" becomes "dev eth0" (the correct interface).
Anyway, the ipsec tunnel seems to be up and running correctly in both cases.

Sincerely,
G.V.
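
A check for the condition described in the report above, as an added example that is not part of the original post and is not strongSwan code: it compares the "dev" in charon's "installing route" lines with the interface that saved "ip route show" output uses for the same gateway. The function names and the sample data (built from the report's placeholder addresses) are assumptions, as is the simplification that the gateway already appears in a "via" route.

```shell
#!/bin/sh
# Added example, not strongSwan code. Assumes the gateway charon uses already
# appears in a "via" route of the saved routing table (true for a default gateway).

check_charon_routes() {  # $1: saved "ip route show" output, $2: charon log
    awk '
        # Return the word that follows key on the current line, or "".
        function after(key,    i) {
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return ""
        }
        # Routing table: remember the interface used for each gateway.
        FILENAME == ARGV[1] {
            gw = after("via")
            if (gw != "") gw_dev[gw] = after("dev")
            next
        }
        # charon log: compare each route charon tries to install.
        /\[KNL\] installing route:/ {
            gw = after("via"); dev = after("dev")
            if ((gw in gw_dev) && gw_dev[gw] != dev) {
                printf "MISMATCH %s via %s: charon dev %s, table dev %s\n", after("route:"), gw, dev, gw_dev[gw]
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data, using the placeholder addresses from the report.
run_sample() {
    tmp=$(mktemp -d) || return 2
    cat > "$tmp/routes" <<'EOF'
default via x.y.z.1 dev eth0 src a.b.c.41
x.y.z.0/24 dev eth0 proto kernel scope link src x.y.z.16
a.b.c.40/29 dev eth2 proto kernel scope link src a.b.c.41
EOF
    cat > "$tmp/log" <<'EOF'
charon: 11[KNL] a.b.c.41 is on interface eth2
charon: 11[KNL] installing route: 192.AA.BB.0/24 via x.y.z.1 src a.b.c.41 dev eth2
charon: 11[KNL] unable to install source route for a.b.c.41
EOF
    check_charon_routes "$tmp/routes" "$tmp/log" && rc=0 || rc=$?
    rm -rf "$tmp"; return "$rc"
}

run_sample || echo "charon chose a different device than the routing table"
```

On a live system the first argument would be a file holding the output of "ip route show" and the second a charon log captured with the KNL log group at a level that prints the "installing route" lines.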
