Package: openswan Version: 1:2.4.9+dfsg-1 Severity: serious After upgrading to this version from 2.4.8, my tunnels no longer work. At startup I get (slightly anonymised):
Nov 5 20:10:46 melech ipsec_setup: NETKEY on ppp0 83.188.xxx.yyy/255.255.255.255 pointopoint 10.64.64.64 Nov 5 20:10:46 melech ipsec_setup: ...Openswan IPsec started Nov 5 20:10:46 melech ipsec_setup: Starting Openswan IPsec 2.4.9... Nov 5 20:10:46 melech ipsec__plutorun: ipsec_auto: fatal error in "home": %defaultroute requested but not known Nov 5 20:10:46 melech ipsec__plutorun: ipsec_auto: fatal error in "dac": %defaultroute requested but not known After downgrading to 1:2.4.8-dfsg-1 it works again. I have a ppp setup: ~$ ip route 10.64.64.64 dev ppp0 proto kernel scope link src 83.178.xxx.yyy 172.16.10.0/24 dev ppp0 scope link src 172.16.10.240 default dev ppp0 scope link /etc/ipsec.conf (slightly anonymised): version 2 # basic configuration config setup interfaces="%defaultroute" nat_traversal=yes plutowait=yes conn %default authby=rsasig rightrsasigkey=%cert rightca="C=SE, L=...stuff removed..." left=%defaultroute dpddelay=30 leftcert=host.pem conn home leftsubnet=192.168.100.4/32 leftsourceip=192.168.100.4 right=home-gw.example.se rightid="C=SE, O=...stuff removed..." rightsubnet=192.168.100.0/24 dpdaction=restart auto=add conn dac leftsubnet=172.16.10.240/32 leftsourceip=172.16.10.240 right=gw.example.com rightsubnet=172.16.10.0/24 [EMAIL PROTECTED] dpdaction=restart auto=add #Disable Opportunistic Encryption include /etc/ipsec.d/examples/no_oe.conf # end of ipsec.conf -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-rc1-melech (SMP w/2 CPU cores; PREEMPT) Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages openswan depends on: ii bind9-host [host] 1:9.4.1-P1-3 Version of 'host' bundled with BIN ii bsdmainutils 6.1.7 collection of more utilities from ii debconf [debconf-2.0] 1.5.14 Debian configuration management sy ii debianutils 2.25.1 Miscellaneous utilities specific t ii iproute 20070313-1 Professional tools to control the ii ipsec-tools 1:0.6.7-1.1 IPsec tools for Linux ii libc6 2.6.1-1 GNU C Library: Shared libraries ii libcurl3 7.17.0-1 Multi-protocol file transfer libra ii libgmp3c2 2:4.2.2+dfsg-1 Multiprecision arithmetic library ii libldap2 2.1.30.dfsg-13.5 OpenLDAP libraries ii libpam0g 0.99.7.1-5 Pluggable Authentication Modules l ii libssl0.9.8 0.9.8g-1 SSL shared libraries ii openssl 0.9.8g-1 Secure Socket Layer (SSL) binary a openswan recommends no packages. -- debconf information: openswan/existing_x509_key_filename: openswan/x509_state_name: openswan/rsa_key_length: 2048 * openswan/restart: false * openswan/start_level: "after PCMCIA" * openswan/enable-oe: false openswan/existing_x509_certificate: false openswan/existing_x509_certificate_filename: * openswan/create_rsa_key: false openswan/x509_email_address: openswan/x509_country_code: AT openswan/x509_self_signed: true openswan/x509_organizational_unit: openswan/x509_locality_name: openswan/x509_common_name: openswan/rsa_key_type: x509 openswan/x509_organization_name: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]