>endpoints. They both need 2 default routes. I found a post by >Casper Dik which allows you to force packets out the right interface >(to prevent Solaris from using round-robin out the interfaces). > >Using just IPsec tunneling alone works. Using ipf with just IPsec >or with an IPsec-encrypted tunnel results in a kernel stack panic: > >panic: ptl1 trap reason 0x2 > >panicsys(104236b0,1040c278,104082a8,78002000,0,f) + 44 >vpanic(104082a8,1040c278,31,0,2a1,30000f41d70) + cc >panic(104082a8,2,0,0,0,2a382c0) + 1c >sys_tl1_panic(5f029f61b8,2a100041fc8,0,120,0,0) + 8 >fr_qout(1,78037868,20,102eb154,0,3000110db18) + 400
Stack overflows in the scenario do not happen because lack of stack but because the algorithms goes into a loop, recursing on the stack. I've had that happen when something goes wrong, routing wise. I do *not* use two default routes myself; rather a handfu; of "preferred routes" plus one default route. What exact rules do you use? You need to explicitely forward to the first hop router on the other interface. Casper
