Rick Richard Saunders wrote: > Thanks Eric > Unfortunately that has had no effect, but I do think you are on the > right track > ie. ipsec is starting before ppp0 is fully up, but since I know nothing > except > being able to blindly follow instructions, I don't like my chances of > finding a > solution myself.
This problem has always existed for any connection type. It shows up in a lot of different locations on all Bering versions. I saw this on ppp connections as well as pcmcia based ethernet connections. The common denominator of all these is, that you cannot predict reliably how long they take to come up, but the init script may terminate _before_ they are up completely. What is missing is a generic solution to assert _all_ necessary connections/services are up _before_ any service depending on them is started. This is true for ipsec but also for shorewall and probably other services. I am running a fair number of WRAP boards as IPSEC end points. These boards do not have a battery for the clock, so the time is lost at power down. I am using certificates for the ipsec links, therefore I need to have accurate sytem time. I am running ntpdate early at start up, but a slow connection may make a single ntpdate start fail. So I have to check connectivity to the uplink router and the presence of a default route before I even attempt to update my system time. cheers Erich ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
