tunnel routes deleted on RHEL
Issue
Description
In one of the livenet OMP servers it was observed that IPSec tunnels to the RHEL RNC server went off on a live production machine. Upon further investigation we found the routes for these tunnels are deleted from the routing table on the OMP server automatically (perhaps by pluto?).
Following is the snippet from /var/log/messages:
Jul 23 13:41:55 wilomp1 pluto[12477]: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.66 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 23 13:41:55 wilomp1 pluto[12477]: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.66 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 23 13:41:55 wilomp1 pluto[12477]: "iptun2108" #93: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.66 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 23 13:41:59 wilomp1 pluto[12477]: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.65 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 23 13:41:59 wilomp1 pluto[12477]: "iptun2107" #94: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.65 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 23 13:42:05 wilomp1 pluto[12477]: "iptun2108" #93: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.66 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Detailed secure and messages log is attached.
A similar issue is reported from a production field customer OMP server (logs are awaited), but we suspect it could be on similar lines.
Can Red Hat explain under what circumstances the pluto daemon deletes the routes? I remember Red Hat Case 01074362 gave us a patch to keep the routes intact while one of the end points reboots; this may not exactly be similar to that ticket, but Red Hat can derive or enhance that patch to address this issue.
Please note that this is a production livenet IPTC lab and we will have restrictions in getting the sosreport.
Environment
Red Hat Enterprise Linux (RHEL) 6.4 (EUS)
openswan-2.6.32-21.3.el6_4 from case 01074362
kernel-2.6.32-358.23.2.el6.x86_64
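A triage sketch added here (not part of the original case and not Red Hat tooling): it parses pluto "asynchronous network error report" records like those in the excerpt above and groups them by IKE peer, so the affected tunnels, the address that sent the ICMP error, and the time window are visible at a glance. The function name `summarize` and the record regex are assumptions written for this log format; the sample lines are the excerpt's records with the console line wraps removed.

```python
import re

# Records from the excerpt above, one per line (console wrapping removed).
SAMPLE = """\
Jul 23 13:41:55 wilomp1 pluto[12477]: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.66 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 23 13:41:55 wilomp1 pluto[12477]: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.66 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 23 13:41:55 wilomp1 pluto[12477]: "iptun2108" #93: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.66 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 23 13:41:59 wilomp1 pluto[12477]: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.65 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 23 13:41:59 wilomp1 pluto[12477]: "iptun2107" #94: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.65 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
Jul 23 13:42:05 wilomp1 pluto[12477]: "iptun2108" #93: ERROR: asynchronous network error report on eth0.1899 (sport=500) for message to 10.39.0.66 port 500, complainant 10.34.0.125: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)]
"""

# The connection name ("iptunNNNN" #state) is optional: pluto logs some
# reports before it has associated them with a connection.
RECORD = re.compile(
    r'^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ pluto\[\d+\]: '
    r'(?:"(?P<conn>[^"]+)" #\d+: )?'
    r'ERROR: asynchronous network error report on (?P<iface>\S+) '
    r'\(sport=\d+\) for message to (?P<peer>\S+) port \d+, '
    r'complainant (?P<complainant>\S+): (?P<reason>.+?) '
    r'\[errno (?P<errno>\d+), origin ICMP type (?P<itype>\d+) code (?P<icode>\d+)'
)

def summarize(log_text):
    """Group pluto ICMP error reports by IKE peer address."""
    peers = {}
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if not m:
            continue  # unrelated syslog line
        p = peers.setdefault(m["peer"], {
            "count": 0, "tunnels": set(), "complainants": set(),
            "icmp": set(), "first": m["ts"], "last": m["ts"]})
        p["count"] += 1
        p["last"] = m["ts"]  # input is assumed to be in log order
        if m["conn"]:
            p["tunnels"].add(m["conn"])
        p["complainants"].add(m["complainant"])
        # ICMP type 3 code 1 is "destination unreachable / host unreachable"
        p["icmp"].add((int(m["itype"]), int(m["icode"])))
    return peers

if __name__ == "__main__":
    for peer, p in summarize(SAMPLE).items():
        print(f'{peer}: {p["count"]} reports {p["first"]} -> {p["last"]}, '
              f'tunnels={sorted(p["tunnels"])}, sent by {sorted(p["complainants"])}, '
              f'ICMP type/code={sorted(p["icmp"])}')
```

Run against the full /var/log/messages, the per-peer window and the complainant address give a starting point for correlating the errors with the time the routes disappeared.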
