On 18 Jul 2002 15:18:09 +0200
"Ronny Aasen" <[EMAIL PROTECTED]> wrote:
> Hi again
>
> I have setup a new bering box using isdn for external and 3com nic for
> internal.
>
> on this box i get the same error as on a adsl box
>
> **console output while trying to restart ipsec**
> isdnvpn: -root-
> # ipsec setup restart
> ipsec_setup: Stopping FreeS/WAN IPsec...
> ipsec_setup: stop ordered, but IPsec does not appear to be running!
> ipsec_setup: doing cleanup anyway...
> ipsec_setup: Starting FreeS/WAN IPsec 1.98b...
> ipsec_setup: Using /lib/modules/ipsec.o
> ipsec_setup: unable to determine address of `ippp0'
>
>
>
>
> IANAC but i think some of the problem is in this passage in
> /lib/ipsec/_startklips.
>
> eval `ip addr show $phys |
> awk '$1 == "inet" && $3 == "brd" {
> print "addr=" $2
> other = $4
> if ($3 == "brd")
> print "type=broadcast"
> else if ($3 == "peer")
> print "type=pointopoint"
> else if (NF == 5) {
> print "type="
> other = "" }
> else
> print "type=unknown"
> print "otheraddr=" other
> # print "mask=" $NF
> gsub(/\//, " ", $0)
> }'`
>
if test " $addr" = " "> then
> echo "unable to determine address of \`$phys'"
> exit 1
> fi
You know, I finally see a problem with this script. The "meat" of the script is not
going to execute unless the first field is "inet" and the third field is "brd". Not
going to work with ppp devices!
Welcome to the Bering testing team!
Try this:
=========== BEGIN SCRIPT FRAGMENT ============
eval `ip addr show $phys |
awk '$1 == "inet" {
print "addr=" $2
other = $4
if ($3 == "brd")
print "type=broadcast"
else if ($3 == "peer")
print "type=pointopoint"
else if (NF == 5) {
print "type="
other = "" }
else
print "type=unknown"
print "otheraddr=" other
# print "mask=" $NF
gsub(/\//, " ", $0)
}'`
============ END SCRIPT FRAGMENT =============
> 'ip addr show ippp0' on my system shows
>
> # ip addr show ippp0
> 8: ippp0: <POINTOPOINT,NOARP,DYNAMIC,UP> mtu 1500 qdisc pfifo_fast qlen
> 30
> link/ppp
> inet 130.67.214.178 peer 130.67.213.128/16 scope global ippp0
^
See, your third field isn't 'brd'! Duh!
> i have messed up my ipsec.lrp' so often now i almost bought a zywall,
> luckily i got a hold of myself.
Don't give up the good fight yet, Ronny!
--
------------------------------------------------------------------------
Chad Carr [EMAIL PROTECTED]
------------------------------------------------------------------------
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
