From: Juraj B. <jo...@gm...> - 2005-08-18 18:33:06
Hello,

> Yes, please, I want to see your script and how it is hooked with racoon.
>
> Thanks in advance

it's hooked up by

    script "/path/to/script" phase1_up;

in the remote section. The script does only "ip route flush table cache", nothing else.

However, yesterday I found out that there's a situation with Windows (it's a fairly complex setup, since all packets travel to the local network in IPsec tunnel mode of Checkpoint, and inside of that is another transport mode with Windows native IPsec and racoon). If I restart the connection and it gets the same address, the problem occurs again (this time because the Windows client does not initiate a new negotiation, just a new SA).

Here's a patch to racoon, which is really a bastard one, but helps also in this case. I had no time to do this intelligently, but had to support the client; they needed a working solution, so no place for philosophy.

Here's the patch (applies to src/racoon/pfkey.c):

--- pfkey.c.orig	2005-08-17 22:05:34.483973688 +0200
+++ pfkey.c	2005-08-17 21:14:34.753123480 +0200
@@ -1374,6 +1374,11 @@
 			ipsec_strerror());
 		return -1;
 	}
+	/* JURAJ: HERE */
+	plog(LLV_DEBUG, LOCATION, NULL,
+		"Flushing kernel's routing cache");
+	system("/sbin/ip route flush table cache");
+
 #else
 	plog(LLV_DEBUG, LOCATION, NULL, "call pfkey_send_add\n");
@@ -1397,6 +1402,11 @@
 	}
+	/* JURAJ: HERE */
+	plog(LLV_DEBUG, LOCATION, NULL,
+		"Flushing kernel's routing cache");
+	system("/sbin/ip route flush table cache");
+
 #endif /* ENABLE_NATT */
 	if (!lcconf->pathinfo[LC_PATHTYPE_BACKUPSA])

Juraj.
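Review bot: in the first hunk (the `#ifdef ENABLE_NATT` branch, after the `return -1;` error path), `system("/sbin/ip route flush table cache");` runs through `/bin/sh` from a privileged daemon with racoon's inherited environment, and its return value is discarded, so a failed or missing `/sbin/ip` is silently ignored while the SA is still reported as installed. Prefer a fork/execv with a fixed argv and no shell, check the exit status and `plog` a failure, and put the call behind a configuration knob rather than unconditionally, since the path and the command are Linux-specific and this file is shared by the BSD ports. Minor: the new `plog` message lacks the trailing `"\n"` that the adjacent `"call pfkey_send_add\n"` uses, so it will run together with the next log line.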
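Review bot: the second hunk (the `#else` branch, just before `#endif /* ENABLE_NATT */`) duplicates the five lines added in the first hunk verbatim. Both branches fall through to the same `#endif`, so a single copy placed after `#endif /* ENABLE_NATT */` and before the `lcconf->pathinfo[LC_PATHTYPE_BACKUPSA]` check would cover both builds and leave one place to fix. As written, the flush also fires on every SA add, not only on the rekey-with-same-address case the mail describes, so the `script ... phase1_up;` hook already in use or a per-remote option would keep the cost (and the extra shell invocation) off unaffected peers.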