IPv6 readyNote: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Fw: [Users] FSwan and Virtual Ip's

From: Mike Thomas (mike_at_bedarra.com)
Date: Mon Jun 03 2002 - 16:49:07 CEST

 Try one more time<g>. I didn't get any replies when originally posted.
(Basic issue is routing errors when using FreeSwan with virtual IP's). Logs
and barf follow.

 Thanks,

 Mike.

> > Mike,
> >
> > Need more information - post your ifconfig and route -n statements
> > (sanitized if need be)
>
>
> Thanks,
> Here is some additional info as requested. Also, I am connecting
> from behind a linksys router doing NAT. I don't believe this is the
> problem as when I use the non-virtual IP FS works.
>
> Thanks again,
>
> Mike.
>
> ifconfig:
>
> eth0 Link encap:Ethernet HWaddr 00:03:47:A5:55:DF
> inet addr:198.64.129.55 Bcast:198.64.129.63
> Mask:255.255.255.192
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:48864 errors:0 dropped:0 overruns:0 frame:0
> TX packets:30346 errors:0 dropped:0 overruns:0 carrier:0
> collisions:80 txqueuelen:100
> Interrupt:21
>
> eth0:1 Link encap:Ethernet HWaddr 00:03:47:A5:55:DF
> inet addr:198.64.133.69 Bcast:198.64.133.255
> Mask:255.255.255.252
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> Interrupt:21
>
> eth0:2 Link encap:Ethernet HWaddr 00:03:47:A5:55:DF
> inet addr:198.64.133.70 Bcast:198.64.133.255
> Mask:255.255.255.252
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> Interrupt:21
>
> eth1 Link encap:Ethernet HWaddr 00:03:47:A5:55:E0
> inet addr:192.168.180.115 Bcast:192.168.180.255
> Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:955 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> Interrupt:20 Base address:0x2000
>
> ipsec0 Link encap:Ethernet HWaddr 00:03:47:A5:55:DF
> inet addr:198.64.133.69 Mask:255.255.255.252
> UP RUNNING NOARP MTU:16260 Metric:1
> RX packets:419 errors:0 dropped:49 overruns:0 frame:0
> TX packets:370 errors:0 dropped:52 overruns:0 carrier:0
> collisions:0 txqueuelen:10
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:7 errors:0 dropped:0 overruns:0 frame:0
> TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
>
>
> route tables:
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use
> Iface
> 192.168.180.115 0.0.0.0 255.255.255.255 UH 0 0 0
eth1
> 198.64.129.55 0.0.0.0 255.255.255.255 UH 0 0 0
eth0
> 198.64.133.68 0.0.0.0 255.255.255.252 U 0 0 0
eth0
> 198.64.133.68 0.0.0.0 255.255.255.252 U 0 0 0
> ipsec0
> 198.64.129.0 0.0.0.0 255.255.255.192 U 0 0 0
eth0
> 192.168.180.0 0.0.0.0 255.255.255.0 U 0 0 0
eth1
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 198.64.129.1 0.0.0.0 UG 0 0 0
eth0
>
> ipsec.conf
>
> config setup
> # THIS SETTING MUST BE CORRECT or almost nothing will work;
> # %defaultroute is okay for most simple cases.
> interfaces=ipsec0=eth0:1
> #interfaces=%defaultroute
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> klipsdebug=none
> plutodebug=none
> # Use auto= parameters in conn descriptions to control startup actions.
> plutoload=%search
> plutostart=%search
> # Close down old connection when new one using same ID shows up.
> uniqueids=yes
>
>
>
> # defaults for subsequent connection descriptions
> # (these defaults will soon go away)
> conn %default
> keyingtries=0
> disablearrivalcheck=no
> authby=rsasig
> left=198.64.133.69
> leftrsasigkey=%cert
> rightrsasigkey=%cert
> leftid="@C=CA, ST=ZZ, O=XX, CN=VPN Gateway"
> leftnexthop=198.64.129.1
>
> conn gateway
> right=%any
> rightsubnet=0/0
> rightid="@C=CA, ST=ZZ, O=XX, CN=VPN Client"
> auto=add
>
>
> > >
> > > I searched the list but could not find anything directly
> > > relevant to my
> > > problem. I use a dedicated hosting box that uses Virtual IP's. When I
> > > attempt to use FSwan on either of the virtual IP's it fails with the
> > > error below.
>
> > >
> > >
> > > "gateway" 24.42.244.146 #2: route-host output: SIOCADDRT: Network is
> > > unreachable
> > > May 23 13:21:06 linux10670 Pluto[10571]: "gateway" xx.xx.xx.146 #2:
> > > route-host output: /usr/local/lib/ipsec/_updown: `route add
> > > -net 0.0.0.0
> > > netmask 128.0.0.0 dev ipsec0 gw xxx.64.129.xx &&
> > > May 23 13:21:06 linux10670 Pluto[10571]: "gateway" xx.xx.xx.146 #2:
> > > route-host output: \011\011\011route add -net 128.0.0.0 netmask
> > > 128.0.0.0 dev ipsec0 gw 198.64.129.68' failed
> > > May 23 13:21:06 linux10670 Pluto[10571]: "gateway" xx.xx.xx.146 #2:
> > > route-host output: /usr/local/lib/ipsec/_updown: (incorrect
> > > or missing
> > > nexthop setting??)
> > > May 23 13:21:06 linux10670 Pluto[10571]: "gateway" xx.xx.xx.146 #2:
> > > route-host command exited with status 7
> > > May 23 13:21:06 linux10670 Pluto[5117]: |
> > >
> > >
> > > _______________________________________________
> > > Users mailing list
> > > Users_at_lists.freeswan.org
> > > http://lists.freeswan.org/mailman/listinfo/users
> > >
> >
>
>
>

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:10 CEST