This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

RoadWarrior not working in 3.216

Hello world,

I just upgraded to 3.215 and quickly after that to 3.216 and now my RoadWarrior acces no longer works. Can't tell whether it did work the one day I was running on 3.215 though.

Client is SSH Sentinel 1.4. Client VPN Diagnostics works fine and clients can actually connect to the gateway and then also do report that the VPN Tunnel is established successfully. I can however no longer ping (or any other traffic) to my Corporate LAN anymore from the clients.

The VPN Logging shows the following, where 212.xxx.yyy.5 (static) is my VPN gateway and 195.xxx.yyy.173 is the (dynamic) IP address of the client:

Jan 21 16:17:08 (none) Pluto[2467]:
ERROR: "Leusden_1" 195.xxx.yyy.173 #21: pfkey write() of SADB_DELETE message 205 for Delete SA esp.10797bb@212.xxx.yyy.5 failed. Errno 3: No such process
Pluto[2467]: |   02 04 00 03  0a 00 00 00  cd 00 00 00  a3 09 00 00
Pluto[2467]: |   02 00 01 00  01 07 97 bb  00 01 00 00  00 00 00 00
Pluto[2467]: |   03 00 05 00  00 00 00 00  02 00 01 f4  c3 f1 e0 ad
Pluto[2467]: |   00 00 00 00  00 00 00 00  03 00 06 00  00 00 00 00
Pluto[2467]: |   02 00 00 00  d4 f1 3c 05  00 00 00 00  00 00 00 00
Pluto[2467]: "Leusden_1" 195.xxx.yyy.173 #16: ignoring informational payload, type INVALID_PAYLOAD_TYPE
Pluto[2467]: "Leusden_1" 195.xxx.yyy.173 #16: received and ignored informational message
Pluto[2467]: "Leusden_1" 195.xxx.yyy.173 #18: route-client output: SIOCADDRT: Network is unreachable
Pluto[2467]: "Leusden_1" 195.xxx.yyy.173 #18: route-client output: /usr/local/lib/ipsec/_updown: `route add -net 195.xxx.yyy.173 netmask 255.255.255.255 dev ipsec0 gw 195.xxx.yyy.173' failed
Pluto[2467]: "Leusden_1" 195.xxx.yyy.173 #18: route-client output: /usr/local/lib/ipsec/_updown: (incorrect or missing nexthop setting??)
Pluto[2467]: "Leusden_1" 195.xxx.yyy.173 #18: route-client command exited with status 7

I already rebooted the gateway: No success. The gateway itself can actually ping to the clients public IP address and vice versa.

I interpret the log output such that the dynamic adding of the routing to the newly connected RoadWarrior client fails, which does explain that I can not longer ping my LAN.

Any suggestions?

Thanks!

This thread was automatically locked due to age.

0 oliver.desch over 22 years ago

Palantir,

it seems that you have multiple default gateways
- please remove all gateway settings except on the
external interface.

read you
o|iver
Cancel
Vote Up 0 Vote Down

Cancel
0 Palantir over 22 years ago in reply to oliver.desch

Stunning!

You are right! It seems that the upgrade added a funny default gateway to my internal interface, since there's suddenly a gateway defined 0.0.0.0 (???). I'm certain I did not enter this myself...

After removing the gateway definition from the internal interface, it still did not work. I noticed that there was still an entry in the routing table, routing 0.0.0.0 to the internal interface. I rebooted the ASL (lazy as I am) and the problem was solved...

Thanks a lot Oliver!
Cancel
Vote Up 0 Vote Down

Cancel