> Sorry, I should have mentioned --debug, as in: > ipsec showroute --debug 2404:9400:3:0:216:3eff:fee8:a03 > and to run it before the connection establishes (even without pluto running). > > It runs the code used to resolve %defaultroute. > > (there's also the undocumented debug=updown which runs the script with -v -x.) > > It's sounding a lot like breakage in the %defaultroute code.
--- # ipsec showroute --debug 2404:9400:3:0:216:3eff:fee8:a03 | resolving family=IPv6 this=%defaultroute thisnexthop=%defaultroute (peer) that=<address> | seeking GATEWAY | query GETROUTE+REQUEST+ROOT+MATCH | add RTA_DST <unset-address> (peer->host.addr(ip)) | opening non-blocking netlink socket | sent 32 byte netlink message | reading into 32768 byte buffer | processing 2436 byte response | parsing route entry (RTA payloads) | RTA_TABLE=254 | RTA_DST=::1 | RTA_PRIORITY=256 | RTA_PREF=0 | using src=<unset-address> prefsrc=<unset-address> gateway=<unset-address> dst=::1 dev='lo' priority=256 pref=0 table=254 +cacheinfo | parsing route entry (RTA payloads) | RTA_TABLE=254 | RTA_DST=2403:5805:3555:: | RTA_PRIORITY=102 | RTA_PREF=0 | using src=<unset-address> prefsrc=<unset-address> gateway=<unset-address> dst=2403:5805:3555:: dev='eth0' priority=102 pref=0 table=254 +cacheinfo | parsing route entry (RTA payloads) | RTA_TABLE=254 | RTA_DST=2403:5805:3555:10:: | RTA_PRIORITY=101 | RTA_PREF=0 | using src=<unset-address> prefsrc=<unset-address> gateway=<unset-address> dst=2403:5805:3555:10:: dev='eth1' priority=101 pref=0 table=254 +cacheinfo | parsing route entry (RTA payloads) | RTA_TABLE=254 | RTA_DST=fe80:: | RTA_PRIORITY=1024 | RTA_PREF=0 | using src=<unset-address> prefsrc=<unset-address> gateway=<unset-address> dst=fe80:: dev='eth1' priority=1024 pref=0 table=254 +cacheinfo | parsing route entry (RTA payloads) | RTA_TABLE=254 | RTA_DST=fe80:: | RTA_PRIORITY=1024 | RTA_PREF=0 | using src=<unset-address> prefsrc=<unset-address> gateway=<unset-address> dst=fe80:: dev='eth1.10' priority=1024 pref=0 table=254 +cacheinfo | parsing route entry (RTA payloads) | RTA_TABLE=254 | RTA_DST=fe80:: | RTA_PRIORITY=1024 | RTA_PREF=0 | using src=<unset-address> prefsrc=<unset-address> gateway=<unset-address> dst=fe80:: dev='eth0' priority=1024 pref=0 table=254 +cacheinfo | parsing route entry (RTA payloads) | RTA_TABLE=254 | RTA_PRIORITY=1024 | RTA_GATEWAY=fe80::a691:b1ff:fed4:dc56 | RTA_PREF=0 | using src=<unset-address> prefsrc=<unset-address> gateway=fe80::a691:b1ff:fed4:dc56 dst=<unset-address> dev='eth0' priority=1024 pref=0 table=254 +cacheinfo | found gateway(host_nexthop): fe80::a691:b1ff:fed4:dc56 | reading into 32768 byte buffer | processing 20 byte response | DONE | please-call-again this=%defaultroute thisnexthop=fe80::a691:b1ff:fed4:dc56<address> | resolving family=IPv6 this=%defaultroute thisnexthop=fe80::a691:b1ff:fed4:dc56<address> (peer) that=<address> | seeking PREFSRC | query GETROUTE+REQUEST | add RTA_DST <unset-address> (peer->host.addr(ip)) | opening non-blocking netlink socket | sent 32 byte netlink message | reading into 32768 byte buffer | processing 52 byte response | ERROR ipsec showroute: 2404:9400:3:0:216:3eff:fee8:a03: source failed --- _______________________________________________ Swan mailing list -- [email protected] To unsubscribe send an email to [email protected]
