Thanks Charles. I tried changing the interfaces statement and the result was as expected. I am not sure how I would assign the extra addresses differently. I am assigning the p-t-p address in my wanpipe configuration and adding 2 of the extra 6 I have through Shorewall-NAT, as suggested in the Shorewall docs.
To get this thing running, I would even be willing to hard code the address in the script if I knew where to make the edit. Thanks again, Eddie -----Original Message----- From: Charles Steinkuehler [SMTP:[EMAIL PROTECTED] Sent: Wednesday, December 17, 2003 1:21 PM To: [EMAIL PROTECTED] Cc: '[EMAIL PROTECTED]' Subject: Re: [leaf-user] Moving from Dachstein to Bering Eddie Wilson wrote: > I've included an ipsec-barf to demonstrate ipsec0 being assigned to an > address other than the primary for that interface. < very helpful IPSec barf snipped> > -----Original Message----- > From: Eddie Wilson [SMTP:[EMAIL PROTECTED] > Sent: Saturday, December 13, 2003 9:48 AM > To: '[EMAIL PROTECTED]' > Subject: [leaf-user] Moving from Dachstein to Bering > > While moving from DachsteinCD to Bering rc3 I've run into ipsec0 being > assigned to the last of my public address range instead of the first. Does > anyone know of a way to change this back? Maybe use an older version of IPSec? <only slightly kidding> I suspect the newer version of IPSec included with Bering is causing your problems, with an additional possability being diferences between the 2.2 and the 2.4 kernel (especially when handling odd IP assignments like you seem to have). It looks like you've got a /30 point-point link on the external interface, then two /32 IP's from who-knows-where that are also assigned directly to the external interface. I can suggest you try using: interfaces="ipsec0=wp1fr659" instead of the current %defaultroute, but I doubt that will help. If at all possible, assigning your extra public IP addresses differently would probably help (perhaps assigning them to a DMZ interface, or a 'spare' NIC added to the system?). If you could explain a bit more about exactly how your ISP is assigning you your public IP's (and routing them to you), a more conventional IP configration might present itself, as well. -- Charles Steinkuehler [EMAIL PROTECTED] ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html