-----BEGIN PGP SIGNED MESSAGE-----
{Please keep me on the CC, as I do not read users@ regularly}
>>>>> "Mike" == Mike Thomas <mike_at_bedarra.com> writes:
Mike> Hello,
Mike> I believe a bug or incompatibility exists between FS and systems with
Mike> Virtual IP's that are on a different net than the default gateway:
Mike> The scenario:
Mike> eth0: 198.64.129.55 Bcast:198.64.129.63 Mask:255.255.255.192
Mike> eth0:1 198.64.133.69 Bcast:198.64.133.255 Mask:255.255.255.252
Mike> eth0:1 198.64.133.70 Bcast:198.64.133.255 Mask:255.255.255.252
Mike> I am attempting to run FS on eth0:1 (I cannot use eth0 as my provider does
Mike> not guarantee the ip will not change), ipsec.conf contains:
Mike> interfaces=ipsec0=eth0:1
Mike> leftnexthop=198.64.129.1
Okay, basic things:
1) there is nothing in KLIPS that prevents you from layering ipsec0
on top of "eth0". You can specify "left=198.64.133.69" in the conn
just fine, and it will work.
2) except that pluto won't listen on all interfaces.
If we could just fix #2, then you wouldn't have a problem, I think.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr_at_sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Finger me for keys
iQCVAwUBPQZDdIqHRg3pndX9AQGWHgQA52Ia/cXQVtYUIgPY5sgLoPZw6JKALZ4V
Jtku9xm26bGSwZmhU6eh6UdnapHAl5NPJoK+YnKQvXohEFfN7Pq1NlcJQgGR2c0W
2go/RFFPysnblicGPia+4oW8qZkERV4mdme3oWivWov3Sktq3/bhl6AvH6Mr6o0j
bSRam83DXDs=
=gdJa
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:13 CEST