Hi Charles,
I do have the /29 being routed as you expected. I have had them assigned to
the same interface as the p-t-p /30 address for the last 2 years and
running fine.
If there is a better (correct) way of doing this I would be grateful for
any advice.
Ipsec included with Bering rc3 is 1.97. I changed _startklips back to use
ifconfig as I already had ifconfig loaded to support wanpipe. It seems to
configure the proper address now. I will test tonight.
Thanks again,
Eddie
-----Original Message-----
From: Charles Steinkuehler [SMTP:[EMAIL PROTECTED]
Sent: Wednesday, December 17, 2003 3:54 PM
To: [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]'
Subject: Re: [leaf-user] Moving from Dachstein to Bering
Eddie Wilson wrote:
> Thanks Charles. I tried changing the interfaces statement and the result
> was as expected. I am not sure how I would assign the extra addresses
> differently. I am assigning the p-t-p address in my wanpipe configuration
> and adding 2 of the extra 6 I have through Shorewall-NAT, as suggested in
> the Shorewall docs.
Do you have a /29 being routed to you by your ISP (8 IP addresses w/6
usable)? If so, that makes more sense, and typically these IP's would
be assigned to a separate interface, rather than the primary external
interface.
I think your problems could be resulting from the fact that you have
IP's on more than one subnet assigned to your external interface, which
is not very common (note that multiple IP's on the *SAME* subnet is
fairly common, and AFAIK works with IPSec).
> To get this thing running, I would even be willing to hard code the
> address in the script if I knew where to make the edit.
I'm not sure if the IP address for ipsec0 is assigned by the startup
scripts or by compiled code (likely pluto).
You might try grepping for "interfaces" or "%defaultroute" in the ipsec
scripts...you might be able to easily find where the IP address is being
determined/assigned. If so, you may be able to either tweak the scripts
or hard-code something to get everything working.
I'm not sure if the newer IPSec included with Bering works the same as
the Dachstein version I'm running, but if it's similar, you want to look
at the klipsinterface() procedure in /usr/local/lib/ipsec/_startklips
In the IPSec I'm running (V1.91), the following portion of code is
responsible for reading the network settings which are eventually
assigned to ipsec0 (including IP address) directly from the physical
interface:
    # set up a Klips interface
    klipsinterface() {
        # pull apart the interface spec
        <snip>
        # figure out ifconfig for interface
        addr=
        eval `ifconfig $phys |
            awk '$1 == "inet" && $2 ~ /^addr:/ && $4 ~ /^Mask:/ {
                gsub(/:/, " ", $0)
                print "addr=" $3
                if ($4 == "Bcast")
                    print "type=broadcast"
                else if ($4 == "P-t-P")
                    print "type=pointopoint"
                else
                    print "type="
                print "otheraddr=" $5
                print "mask=" $7
            }'`
You should be able to modify this (or hard-code it) to work with your
system, assuming there's something similar in your version of IPSec (I'm
not real familiar with the IPSec version shipped with Bering...sorry!).
NOTE: If you copy the code between the ` marks (ie: starting with
ifconfig and ending with }' ) and paste it into a shell window, you can
easily see what settings are getting extracted by this code, and test
any potential changes w/o having to mess with stopping/restarting IPSec.
--
Charles Steinkuehler
[EMAIL PROTECTED]
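
The test described in the NOTE above, as an added example that is not part of the original messages or of the IPSec scripts: the quoted awk program is run over constructed ifconfig output instead of a live interface. The interface names, the sample addresses and the klips_override helper are assumptions made for illustration; the helper shows one way to hard-code the address while rejecting anything that is not a dotted quad before the result is passed to eval.

```shell
#!/bin/sh
# Constructed sample: old net-tools ifconfig output for a point-to-point
# link. Interface name and RFC 5737 addresses are made up.
sample_ptp() {
cat <<'EOF'
wan1      Link encap:Point-to-Point Protocol
          inet addr:192.0.2.2  P-t-P:192.0.2.1  Mask:255.255.255.252
          UP POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
EOF
}

# Constructed sample: an Ethernet-style interface holding one /29 address.
sample_bcast() {
cat <<'EOF'
eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:198.51.100.10  Bcast:198.51.100.15  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
EOF
}

# The awk program quoted in the message, reading ifconfig text on stdin.
klips_parse() {
    awk '$1 == "inet" && $2 ~ /^addr:/ && $4 ~ /^Mask:/ {
        gsub(/:/, " ", $0)
        print "addr=" $3
        if ($4 == "Bcast") print "type=broadcast"
        else if ($4 == "P-t-P") print "type=pointopoint"
        else print "type="
        print "otheraddr=" $5
        print "mask=" $7
    }'
}

# Hypothetical helper: swap the detected addr for a hard-coded one, but
# only if it looks like an IPv4 address, since the output feeds eval.
klips_override() {
    if ! printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "refusing non-IPv4 override: $1" >&2
        return 1
    fi
    klips_parse | sed "s/^addr=.*/addr=$1/"
}

sample_ptp | klips_parse
sample_bcast | klips_override 198.51.100.9
```
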