Eddie Wilson wrote:
Hi Charles,
I do have the /29 being routed as you expected. I have had them assigned to the same interface as the p-t-p /30 address for the last 2 years and running fine.
If there is a better (correct) way of doing this I would be grateful for any advice.
Ipsec included with Bering rc3 is 1.97. I changed _startklips back to use ifconfig as I already had ifconfig loaded to support wanpipe. It seems to configure the proper address now. I will test tonight.
Let us all know if it works using the ifconfig command. If so, this should be considered a bug that should be fixed.
OK, I checked into the modified scripts used by the Bering IPSec, and found the problem. The relevant portion of the original Bering klipsinterface () procedure looks like the following:
    #<Bering>
    #       eval `ifconfig $phys |
    #               awk '$1 == "inet" && $2 ~ /^addr:/ && $NF ~ /^Mask:/ {
    #                       gsub(/:/, " ", $0)
    #                       print "addr=" $3
    #                       other = $5
    #                       if ($4 == "Bcast")
    #                               print "type=broadcast"
    #                       else if ($4 == "P-t-P")
    #                               print "type=pointopoint"
            eval `ip addr show $phys primary |
                    awk '$1 == "inet" {
                            print "addr=" $2
                            other = $4
                            if ($3 == "brd")
                                    print "type=broadcast"
                            else if ($3 == "peer")
                                    print "type=peer"
                            else if (NF == 5) {
                                    print "type="
                                    other = ""
                            } else
                                    print "type=unknown"
                            print "otheraddr=" other
    #                       print "mask=" $NF
                            gsub(/\//, " ", $0)
    #</Bering>
The problem is with the "ip addr show $phys primary", which will return *MORE THAN ONE* ip address if there are multiple subnets, vs. ifconfig, which will only return a single IP address:
[EMAIL PROTECTED] root]# ip addr show eth0 primary
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:02:b3:19:e8:c2 brd ff:ff:ff:ff:ff:ff
    inet 216.171.153.135/26 brd 216.171.153.191 scope global eth0
    inet 216.171.153.136/24 brd 216.171.153.255 scope global eth0:0
[EMAIL PROTECTED] root]# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:02:B3:19:E8:C2
inet addr:216.171.153.135 Bcast:216.171.153.191 Mask:255.255.255.192
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14033505 errors:0 dropped:0 overruns:0 frame:0
TX packets:4948976 errors:0 dropped:0 overruns:0 carrier:0
collisions:10938 txqueuelen:1000
RX bytes:1904105932 (1815.8 Mb) TX bytes:596400118 (568.7 Mb)
Interrupt:5 Base address:0xef00 Memory:ffafe000-ffafe038
This causes the awk code to output multiple sets of configuration data, with the later (and undesired) IP address(es) overriding the desired primary IP address.
This problem can easily be fixed by changing:
eval `ip addr show $phys primary |
to:
eval `ip addr show $phys primary | grep inet | sed -n 1p |
...which works, but is kind of slow and fires off several extra processes. There's probably a way to do this entirely in Awk (ignoring all but the first line that matches 'inet'), but I'm not fluent enough with awk code to know how to do this.
Can the current maintainer of the Bering ipsec package add the above tweak, or massage the awk code to do the same thing?
-- Charles Steinkuehler [EMAIL PROTECTED]
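
The awk-only approach asked about above, as an added example that is not part of the original message or of the Bering package: awk stops at the first "inet" line with exit, so no grep or sed is needed, and because the output is fed to eval it emits only strictly numeric values. The function names, the "masklen" variable and the mode argument are assumptions made for this sketch; the sample input is the ip output quoted in the message.

```shell
#!/bin/sh
# Added example: sample text is the `ip addr show eth0 primary` output quoted
# in the message above, embedded so the script runs offline.
sample_ip_output() {
cat <<'EOF'
4: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:02:b3:19:e8:c2 brd ff:ff:ff:ff:ff:ff
    inet 216.171.153.135/26 brd 216.171.153.191 scope global eth0
    inet 216.171.153.136/24 brd 216.171.153.255 scope global eth0:0
EOF
}

# parse_inet MODE: read `ip addr show` output on stdin and print shell
# assignments for eval. MODE=first stops at the first inet line; MODE=all
# reproduces the override, where the last address wins after eval.
parse_inet() {
    awk -v mode="$1" '
    function quad(s) { return s ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ }
    $1 == "inet" {
        split($2, a, "/")
        # The output is eval-ed, so emit only strictly numeric values.
        if (!quad(a[1]) || a[2] !~ /^[0-9]*$/) next
        print "addr=" a[1]
        print "masklen=" a[2]
        other = $4
        sub(/\/.*$/, "", other)
        if ($3 == "brd" && quad(other))
            print "type=broadcast"
        else if ($3 == "peer" && quad(other))
            print "type=peer"
        else {
            print "type=unknown"
            other = ""
        }
        print "otheraddr=" other
        if (mode == "first") exit
    }'
}

# addr_from MODE: eval the assignments in a subshell and report the result.
addr_from() {
    ( eval "$(sample_ip_output | parse_inet "$1")"
      echo "$addr/$masklen $type $otheraddr" )
}

addr_from first   # the primary address is kept
addr_from all     # the later address overrides it
```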
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html