Dear Lorry,

I have never experienced a broken filesystem on any of the IPsec gateways we have here at IABG. But we rely on SuSE here and make pretty sure that only the ext2 filesystem is used. As I told you, you can mount an ext3 as ext2, but this is probably not always what you want to do.

I have never seen the message: "route owner of "hp100-hp200" CK_PERMANENT unrouted: NULL; eroute owner: NULL". I assume Pluto produces it before it starts to install SADB entries and flow/eroute entries. Can you give me a dump of your routing table and also the kernel .config you use for 2.4.7?

As I am not very familiar with RedHat, I don't know what they are doing when you make whatever changes in your network configuration. It might be possible that at this time, Pluto is already started and has your transport connection already loaded. If this is true, then the SPD is already in place, causing all packets to be dropped as they match the SPD but no SADB entries are there to process them.

Hope this helps,
Gerhard

--------------------------------------------
Gerhard Geßler
Communication Networks, IABG mbH
Einsteinstr. 20
85521 Ottobrunn, Germany
Phone: +49 89 6088 - 2021
Fax: +49 89 6088 - 2845
E-Mail: [EMAIL PROTECTED]

> -----Original Message-----
> From: lorry [mailto:[EMAIL PROTECTED]
> Sent: Monday, August 04, 2003 7:00 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [Users]A big problem about configure FreeS/WAN IPV6Patch!
>
> Dear Gessler
>
> I set "plutodebug=all" in the "ipsec.conf" and changed my IPV6 addresses
> from /124 to /64 as you told me! But pluto still fails to negotiate
> the Phase 2 SA, and what is more horrible is that my root file system of
> HP200 is corrupted.
> You know I should cut the power of the hp200 and restart it again because
> it can't respond to any key. I can't correct it by "fsck", so I must
> reinstall my RedHat7.3(2.4.18-3). It has appeared four times, so I'm
> afraid it will repeat again. In addition, this time I also changed
> 'interfaces="ipsec0=eth0"' to 'interfaces=%defaultroute' in "ipsec.conf".
>
> I checked the "secure" log of hp200; the last line reads:
> "route owner of "hp100-hp200" CK_PERMANENT unrouted: NULL; eroute owner: NULL".
> (see the attachment)
>
> I also found a surprising phenomenon: if I modify the network parameters
> and run "service network restart" under kernel-2.4.7, it displays OK, but
> if I ping a host that I could ping before, it gives me an error.
>
> [EMAIL PROTECTED] ipsec.d]# ping6 2001:250:f006:1::2
> PING 2001:250:f006:1::2(2001:250:f006:1::2) from 2001:250:f006:1::450 : 56 data bytes
> 64 bytes from 2001:250:f006:1::2: icmp_seq=1 ttl=64 time=0.561 ms
> 64 bytes from 2001:250:f006:1::2: icmp_seq=2 ttl=64 time=0.245 m
> --- 2001:250:f006:1::2 ping statistics ---
> 2 packets transmitted, 2 received, 0% loss, time 999ms
> rtt min/avg/max/mdev = 0.245/0.403/0.561/0.158 ms
> [EMAIL PROTECTED] ipsec.d]# service network restart
> Shutting down interface eth0: [ OK ]
> Shutting down interface eth1: [ OK ]
> Shutting down loopback interface: [ OK ]
> Setting network parameters: [ OK ]
> Bringing up loopback interface: [ OK ]
> Bringing up interface eth0: [ OK ]
> Bringing up interface eth1: [ OK ]
> [EMAIL PROTECTED] ipsec.d]# ping6 2001:250:f006:1::2
> PING 2001:250:f006:1::2(2001:250:f006:1::2) from 2001:250:f006:1::450 : 56 data bytes
> ping: sendmsg: Invalid argument
> ping: sendmsg: Invalid argument
>
> I must restart the computer to correct it, but if I restart the network
> again, even if I don't modify the parameters, it fails again. But in
> kernel-2.4.18-3, it disappears.
>
> The "/etc/network" of hp100 is:
> NETWORKING=yes
> HOSTNAME=HP100.ntl.ict.ac.cn
> NETWORKING_IPV6=yes
> IPV6FORWARDING=yes
> IPV6_DEFAULTGW=2001:250:f006:1::451
> GATEWAY=192.168.234.1
>
> I suspect that there are some problems with the kernel-2.4.7 or maybe
> my kernel option is wrong. Could you give me some advice?
> Thanks in advance.
>
> PS: I should apologize to you for boring you with the repeated mail.
> Please forgive an anxious boy who is in trouble.
>
> Lorry