Description of problem: nexthop=%defaultroute does not work with ppp connection since fc6. The problem is related to feature (or bug) of pppd that does not fill default gateway address in the default route line. Paul Wouters created a patch to openswan that will go into openswan 2.4.7 release. I would appreciate this patch into fedora openswan package. Version-Release number of selected component (if applicable): openswan-2.4.5-2.1 How reproducible: Always. Steps to Reproduce: 1. Bring up ppp connection. 2. Bring up ipsec tunnel with ?nexthop=%defaultroute 3. IPsec tunnel will not come up Actual results: IPsec tunnel does no come up. Expected results: IPsec tunnel comes up. Additional info: The patch consist of editing the file /usr/lib/ipsec/_startklips. The lines (at line 156): if test " $2" != " 0.0.0.0" then echo "defaultroutenexthop=$2" fi should be changed to: if test " $2" != " 0.0.0.0" then echo "defaultroutenexthop=$2" else echo "defaultroutenexthop=%direct" fi
There is actually no reason why FC6 is not running the same openswan rpm as F-7. The 2.4.x release is in bugfix/maintenance release only. 2.4.9 is out, and 2.4.10 will be out shortly (the last releases in the 2.4.x series)
Fedora 6 has reached end of life. This issue is resolved in later releases.