
[Users] Re: [Bugs] FS 1.97 and Virtual IP's

From: Mike Thomas (mike_at_bedarra.com)
Date: Tue Jun 11 2002 - 23:24:04 CEST


> > | From: Mike Thomas <mike_at_bedarra.com>
> >
> > [It is a little more convenient if you use a mailer that doesn't fold
> > long lines from the log or configuration files. Folding long lines of
> > prose is good.]

> Agreed. I am away from my machine and forced to use my least favourite of mailers.

> > | I believe a bug or incompatibility exists between FS and systems with
> > | Virtual IP's that are on a different net than the default gateway:
> > |
> > | The scenario:
> > |
> > | eth0: 198.64.129.55 Bcast:198.64.129.63 Mask:255.255.255.192
> > | eth0:1 198.64.133.69 Bcast:198.64.133.255 Mask:255.255.255.252
> > | eth0:1 198.64.133.70 Bcast:198.64.133.255 Mask:255.255.255.252
> >
> > Pluto doesn't understand multiple IP addresses on one alias. Would it
> > cause any problems for you to change this to use eth0:2 for
> > 198.64.133.70?
>

  I am a bozon, .70 is in fact bound to eth0:2.
>
> eth0:2 198.64.133.70 Bcast:198.64.133.255 Mask:255.255.255.252
>
> >
> > | I am attempting to run FS on eth0:1 (I cannot use eth0 as my provider does
> > | not guarantee the ip will not change), ipsec.conf contains:
> > |
> > | interfaces=ipsec0=eth0:1
> > | leftnexthop=198.64.129.1
> > |
> > | Routing table is:
> > |
> > | linux10670-be * 255.255.255.255 UH 0 0 0 eth1
> > | linux10670.dn.n * 255.255.255.255 UH 0 0 0 eth0
> > | 198.64.133.68 * 255.255.255.252 U 0 0 0 eth0
> > | 198.64.133.68 * 255.255.255.252 U 0 0 0 ipsec0
> > | 198.64.129.0 * 255.255.255.192 U 0 0 0 eth0
> > | 192.168.180.0 * 255.255.255.0 U 0 0 0 eth1
> > | 127.0.0.0 * 255.0.0.0 U 0 0 0 lo
> > | default 198.64.129.1 0.0.0.0 UG 0 0 0 eth0
> >
> >
> > | I get the following from FS when attempting this connection:
> >
> > There may be important messages earlier in the log. A barf might be
> > helpful.
> >
> > | Jun 11 12:30:32 linux10670 Pluto[20079]: "gateway" 209.226.111.157 #2:
> > | route-host output: SIOCADDRT: Network is unreachable
> > | Jun 11 12:30:32 linux10670 Pluto[20079]: "gateway" 209.226.111.157 #2:
> > | route-host output: /usr/local/lib/ipsec/_updown: `route add -net
> > | 209.226.111.157 netmask 255.255.255.255 dev ipsec0 gw 198.64.133.70' failed
> > | Jun 11 12:30:32 linux10670 Pluto[20079]: "gateway" 209.226.111.157 #2:
> > | route-host output: /usr/local/lib/ipsec/_updown: (incorrect or missing
> > | nexthop setting??)
> >
> > This command failed:
> > route add -net 209.226.111.157 netmask 255.255.255.255 dev ipsec0 gw 198.64.133.70
> > It failed with:
> > SIOCADDRT: Network is unreachable
> >
> > Do you think that this command should have worked?
> >
> > If so, why did it not work?
> >
> > If not, why did Pluto/_updown try to execute it? This is one I could
> > answer, but more information might help. I don't know enough about
> > what you are trying to do.
> >
> > I noticed:
> >
> > - ipsec0 is bound to eth0:1, both with address 198.64.133.69
> > (or maybe 198.64.133.70, but I don't think so)
> >
> > - ipsec0/eth0:1 can be used for packets destined for 198.64.133.68/30
> >
> > - 198.64.133.68/30 includes 198.64.133.68 - 198.64.133.71
> >
> > - but: 198.64.133.70 is one of the addresses of eth0:1.
> > Does that make any sense when 198.64.133.70 is specified as nexthop?
>

  Sorry, I mixed up the barfs. The one above with .70 was a last gasp attempt to get things working using 169.70. The attached barf uses a leftnexthop equal to the default gateway listed in the routing table (198.64.129.1).
>

 I have attached a barf with all parameters as they should be (apologies, it's already been a long week). As far as the new barf goes, I believe the commands that are failing should work, but my knowledge of the route command (routing in general) is very limited.

Thanks again,

 Mike
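
The address checks the quoted reply walks through (is the nexthop inside the bound interface's subnet, is it one of the host's own addresses), written out as an added example that is not part of the original thread. The function names are hypothetical, the interface data is copied from the message (with eth0:2 as corrected), and the on-link test is a simplification of what the kernel enforces when a route with a gateway is added.

```python
import ipaddress

# Interface data copied from the thread: (address, netmask, configured broadcast).
INTERFACES = {
    "eth0":   ("198.64.129.55", "255.255.255.192", "198.64.129.63"),
    "eth0:1": ("198.64.133.69", "255.255.255.252", "198.64.133.255"),
    "eth0:2": ("198.64.133.70", "255.255.255.252", "198.64.133.255"),
}


def check_nexthop(iface, nexthop, interfaces=INTERFACES):
    """Return a list of problems with using `nexthop` as a gateway on `iface`."""
    addr, mask, _ = interfaces[iface]
    net = ipaddress.ip_interface(f"{addr}/{mask}").network
    hop = ipaddress.ip_address(nexthop)
    local = {ipaddress.ip_address(a) for a, _, _ in interfaces.values()}
    problems = []
    if hop not in net:
        problems.append(f"{hop} is outside {net}, the subnet of {iface}")
    if hop in local:
        problems.append(f"{hop} is one of this host's own addresses")
    if hop in (net.network_address, net.broadcast_address):
        problems.append(f"{hop} is the network or broadcast address of {net}")
    return problems


def check_broadcasts(interfaces=INTERFACES):
    """Map each interface whose broadcast disagrees with its mask to the expected value."""
    bad = {}
    for name, (addr, mask, bcast) in interfaces.items():
        net = ipaddress.ip_interface(f"{addr}/{mask}").network
        if ipaddress.ip_address(bcast) != net.broadcast_address:
            bad[name] = str(net.broadcast_address)
    return bad


if __name__ == "__main__":
    # The two nexthop values that appear in the thread, tested against eth0:1,
    # then the default gateway tested against eth0 for comparison.
    for iface, hop in [("eth0:1", "198.64.133.70"),
                       ("eth0:1", "198.64.129.1"),
                       ("eth0", "198.64.129.1")]:
        print(iface, hop, check_nexthop(iface, hop) or "ok")
    print("broadcast mismatches:", check_broadcasts())
```
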






This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:14 CEST