Hello Richard, I've looked through the changes between ipsec from 2.2.3 and 2.3rc1, there was a change in the start/stop levels of ipsecs init.d script due to warnings when stopping ipsec. The differences are: (2.2.3): RCDLINKS="0,K42 1,K42 2,S42 3,S42 4,S42 5,S42 6,K42" (2.3rc1): RCDLINKS="0,K19 1,K19 2,S21 3,S21 4,S21 5,S21 6,K19"
It could be that the ppp interface isn't full brought up, before ipsec is started. You could try to change the /etc/init.d/ipsec script to read: RCDLINKS="0,K19 1,K19 2,S41 3,S41 4,S41 5,S41 6,K19" Although the following line in you log is also somewhat strange: "Sep 28 14:26:52 firewall ipsec_setup: WARNING: ppp0 has route filtering turned on, KLIPS may not work Sep 28 14:26:52 firewall" Did you also had that warning with 2.2.3? You can turn of route filtering by setting "spoofprotect=no" in lrcfg -> 1) Network configuration -> 2) network options file (/etc/network/options) Eric Spakman > Hi > I am setting up uClibc 2.3rc1. > I have copied the ipsec.conf file from my uClibc 2.23 box which has > always worked ok. When starting up I get the following errors > in auth.log: > > Sep 28 13:57:09 firewall pluto[21197]: no public interfaces found > > > in daemon.log: > > Sep 28 13:57:07 firewall ipsec_setup: no default route, %defaultroute > cannot cope!!! Sep 28 13:57:08 firewall ipsec_setup: ...Openswan IPsec > started Sep 28 13:57:09 firewall ipsec__plutorun: ipsec_auto: fatal error > in "w2k": %defaultroute requested but not known > Sep 28 13:57:09 firewall ipsec__plutorun: ipsec_auto: fatal error in > "net-net": %defaultroute requested but not known > > > When the box finishes starting if I type "ipsec setup restart" it runs > fine. > > Sep 28 14:26:50 firewall ipsec_setup: Stopping Openswan IPsec... > Sep 28 14:26:50 firewall ipsec_setup: stop ordered, but IPsec does > not appear to be running! Sep 28 14:26:50 firewall ipsec_setup: doing > cleanup anyway... Sep 28 14:26:51 firewall ipsec_setup: ...Openswan IPsec > stopped Sep 28 14:26:51 firewall ipsec_setup: Starting Openswan IPsec > 1.0.9... > Sep 28 14:26:51 firewall ipsec_setup: Using /lib/modules/ipsec.o > Sep 28 14:26:51 firewall ipsec_setup: KLIPS debug `none' > Sep 28 14:26:52 firewall ipsec_setup: KLIPS ipsec0 on ppp0 > 220.245.99.4 peer 202.7.162.162/32 > Sep 28 14:26:52 firewall ipsec_setup: WARNING: ppp0 has route > filtering turned on, KLIPS may not work Sep 28 14:26:52 firewall > ipsec_setup: (/proc/sys/net/ipv4/conf/ppp0/rp_filter = `1', should be 0) > Sep 28 14:26:52 firewall ipsec_setup: ...Openswan IPsec started > > > Here is my setup: > # basic configuration > config setup interfaces=%defaultroute klipsdebug=none plutodebug=none > plutoload=%search plutostart=%search uniqueids=yes > > > > # defaults for subsequent connection descriptions > conn %default keyingtries=0 > > conn net-net authby=rsasig left=220.245.99.4 leftsubnet=192.168.1.0/24 > leftrsasigkey=[keyid AQON] leftnexthop=%defaultroute right=220.244.10.142 > rightsubnet=192.168.0.0/27 rightrsasigkey=[keyid AQN7] > rightnexthop=%defaultroute pfs=yes auto=add > > conn w2k authby=rsasig left=220.245.99.4 leftsubnet=192.168.1.0/24 > leftnexthop=%defaultroute leftrsasigkey=%cert leftcert=fwCert.pem right=%any > rightrsasigkey=%cert leftid="CN=fw" pfs=yes auto=add # > > > Any ideas on what might be happening? > > > > > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: > Power Architecture Resource Center: Free content, downloads, discussions, > and more. http://solutions.newsforge.com/ibmarch.tmpl > ------------------------------------------------------------------------ > leaf-user mailing list: leaf-user@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/leaf-user > Support Request -- http://leaf-project.org/ > > ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
