Eddie Wilson wrote:

Thanks Charles. I tried changing the interfaces statement and the result was as expected. I am not sure how I would assign the extra addresses differently. I am assigning the p-t-p address in my wanpipe configuration and adding 2 of the extra 6 I have through Shorewall-NAT, as suggested in the Shorewall docs.

Do you have a /29 being routed to you by your ISP (8 IP addresses w/6 usable)? If so, that makes more sense, and typically these IPs would be assigned to a separate interface, rather than the primary external interface.


I think your problems could be resulting from the fact that you have IPs on more than one subnet assigned to your external interface, which is not very common (note that multiple IPs on the *SAME* subnet is fairly common, and AFAIK works with IPSec).

To get this thing running, I would even be willing to hard code the address in the script if I knew where to make the edit.

I'm not sure if the IP address for ipsec0 is assigned by the startup scripts or by compiled code (likely pluto).


You might try grepping for "interfaces" or "%defaultroute" in the ipsec scripts...you might be able to easily find where the IP address is being determined/assigned. If so, you may be able to either tweak the scripts or hard-code something to get everything working.

I'm not sure if the newer IPSec included with Bering works the same as the Dachstein version I'm running, but if it's similar, you want to look at the klipsinterface() procedure in /usr/local/lib/ipsec/_startklips

In the IPSec I'm running (V1.91), the following portion of code is responsible for reading the network settings which are eventually assigned to ipsec0 (including IP address) directly from the physical interface:

# set up a Klips interface
klipsinterface() {
        # pull apart the interface spec

<snip>

        # figure out ifconfig for interface
        addr=
        eval `ifconfig $phys |
                awk '$1 == "inet" && $2 ~ /^addr:/ && $4 ~ /^Mask:/ {
                        gsub(/:/, " ", $0)
                        print "addr=" $3
                        if ($4 == "Bcast")
                                print "type=broadcast"
                        else if ($4 == "P-t-P")
                                print "type=pointopoint"
                        else
                                print "type="
                        print "otheraddr=" $5
                        print "mask=" $7
                }'`

You should be able to modify this (or hard-code it) to work with your system, assuming there's something similar in your version of IPSec (I'm not real familiar with the IPSec version shipped with Bering...sorry!).

NOTE: If you copy the code between the ` marks (ie: starting with ifconfig and ending with }' ) and paste it into a shell window, you can easily see what settings are getting extracted by this code, and test any potential changes w/o having to mess with stopping/restarting IPSec.

--
Charles Steinkuehler
[EMAIL PROTECTED]
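
The test described in the NOTE above, as an added example that is not part of the original message: the awk program quoted from klipsinterface() is fed saved ifconfig text on stdin instead of a live interface, so the extracted settings can be inspected without eval and without restarting IPSec. The function names and the sample interface output are constructed for illustration and assume the old net-tools ifconfig format.

```shell
#!/bin/sh
# Added example: exercise the klipsinterface() awk extraction offline.
# Function names and sample data are constructed, not from _startklips.

# Reads net-tools style ifconfig output on stdin and prints the same
# assignments the startup script would pass to eval.
klips_extract() {
    awk '$1 == "inet" && $2 ~ /^addr:/ && $4 ~ /^Mask:/ {
            gsub(/:/, " ", $0)
            print "addr=" $3
            if ($4 == "Bcast")
                    print "type=broadcast"
            else if ($4 == "P-t-P")
                    print "type=pointopoint"
            else
                    print "type="
            print "otheraddr=" $5
            print "mask=" $7
    }'
}

# Constructed sample: point-to-point WAN link (documentation addresses).
sample_ptp() {
    cat <<'EOF'
wan0      Link encap:Point-to-Point Protocol
          inet addr:192.0.2.1  P-t-P:192.0.2.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
EOF
}

# Constructed sample: ordinary broadcast (Ethernet) interface.
sample_bcast() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:198.51.100.10  Bcast:198.51.100.15  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
EOF
}

# Return one setting (addr, type, otheraddr or mask) without using eval.
klips_get() {
    klips_extract | sed -n "s/^$1=//p"
}

# Show what would end up on ipsec0 for each sample.
sample_ptp | klips_extract
sample_bcast | klips_extract
```

To check a real box, pipe `ifconfig $phys` into klips_extract in place of the sample functions.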




leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html