Thanks Eric
Unfortunately that has had no effect, but I do think you are on the
right track
ie. ipsec is starting before ppp0 is fully up, but since I know nothing except
being able to blindly follow instructions, I don't like my chances of
finding a
solution myself.
Regarding "WARNING: ppp0 has route filtering turned on, KLIPS may not work".
This error has always been there and has never shown any detrimental effects
as far as I know. There have been previous threads regarding this and I think
the conclusion was to ignore it.
At 06:08 PM 28/09/2005, you wrote:
Hello Richard,
I've looked through the changes between ipsec from 2.2.3 and 2.3rc1, there
was a change in the start/stop levels of ipsecs init.d script due to
warnings when stopping ipsec.
The differences are:
(2.2.3): RCDLINKS="0,K42 1,K42 2,S42 3,S42 4,S42 5,S42 6,K42"
(2.3rc1): RCDLINKS="0,K19 1,K19 2,S21 3,S21 4,S21 5,S21 6,K19"
It could be that the ppp interface isn't full brought up, before ipsec is
started. You could try to change the /etc/init.d/ipsec script to read:
RCDLINKS="0,K19 1,K19 2,S41 3,S41 4,S41 5,S41 6,K19"
Although the following line in you log is also somewhat strange:
"Sep 28 14:26:52 firewall ipsec_setup: WARNING: ppp0 has route
filtering turned on, KLIPS may not work Sep 28 14:26:52 firewall"
Did you also had that warning with 2.2.3? You can turn of route filtering
by setting "spoofprotect=no" in lrcfg -> 1) Network configuration -> 2)
network options file (/etc/network/options)
Eric Spakman
> Hi
> I am setting up uClibc 2.3rc1.
> I have copied the ipsec.conf file from my uClibc 2.23 box which has
> always worked ok. When starting up I get the following errors
> in auth.log:
>
> Sep 28 13:57:09 firewall pluto[21197]: no public interfaces found
>
>
> in daemon.log:
>
> Sep 28 13:57:07 firewall ipsec_setup: no default route, %defaultroute
> cannot cope!!! Sep 28 13:57:08 firewall ipsec_setup: ...Openswan IPsec
> started Sep 28 13:57:09 firewall ipsec__plutorun: ipsec_auto: fatal error
> in "w2k": %defaultroute requested but not known
> Sep 28 13:57:09 firewall ipsec__plutorun: ipsec_auto: fatal error in
> "net-net": %defaultroute requested but not known
>
>
> When the box finishes starting if I type "ipsec setup restart" it runs
> fine.
>
> Sep 28 14:26:50 firewall ipsec_setup: Stopping Openswan IPsec...
> Sep 28 14:26:50 firewall ipsec_setup: stop ordered, but IPsec does
> not appear to be running! Sep 28 14:26:50 firewall ipsec_setup: doing
> cleanup anyway... Sep 28 14:26:51 firewall ipsec_setup: ...Openswan IPsec
> stopped Sep 28 14:26:51 firewall ipsec_setup: Starting Openswan IPsec
> 1.0.9...
> Sep 28 14:26:51 firewall ipsec_setup: Using /lib/modules/ipsec.o
> Sep 28 14:26:51 firewall ipsec_setup: KLIPS debug `none'
> Sep 28 14:26:52 firewall ipsec_setup: KLIPS ipsec0 on ppp0
> 220.245.99.4 peer 202.7.162.162/32
> Sep 28 14:26:52 firewall ipsec_setup: WARNING: ppp0 has route
> filtering turned on, KLIPS may not work Sep 28 14:26:52 firewall
> ipsec_setup: (/proc/sys/net/ipv4/conf/ppp0/rp_filter = `1', should be 0)
> Sep 28 14:26:52 firewall ipsec_setup: ...Openswan IPsec started
>
>
> Here is my setup:
> # basic configuration
> config setup interfaces=%defaultroute klipsdebug=none plutodebug=none
> plutoload=%search plutostart=%search uniqueids=yes
>
>
>
> # defaults for subsequent connection descriptions
> conn %default keyingtries=0
>
> conn net-net authby=rsasig left=220.245.99.4 leftsubnet=192.168.1.0/24
> leftrsasigkey=[keyid AQON] leftnexthop=%defaultroute right=220.244.10.142
> rightsubnet=192.168.0.0/27 rightrsasigkey=[keyid AQN7]
> rightnexthop=%defaultroute pfs=yes auto=add
>
> conn w2k authby=rsasig left=220.245.99.4 leftsubnet=192.168.1.0/24
> leftnexthop=%defaultroute leftrsasigkey=%cert leftcert=fwCert.pem
right=%any
> rightrsasigkey=%cert leftid="CN=fw" pfs=yes auto=add #
>
>
> Any ideas on what might be happening?
>
>
>
>
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> ------------------------------------------------------------------------
> leaf-user mailing list: leaf-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
>
>
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
