UNIX admin wrote:
> I have a laptop which communicates with the firewall over a bridged wireless
> interface.
> To minimize security risks, I configured ip.tun0 to push the data through the
> physical interface (rtls0), which in turn is configured with IPSec + IKE.
> In the file /etc/defaultrouter I specified the ip.tun0 interface's address, as
> I want all and any communication to go through the encrypted tunnel by default.
> What is happening, however, is that when the system comes up, ip.tun0 is
> configured, but the default route is not!
> However, if I do
>
>     route add net default <firewall's ip.tun0 IP address>
>
> manually, the route comes up and everything works.
> This leads me to believe that the default route in /etc/defaultrouter is
> attempted to be configured before the ip.tun0 interface is brought up. Is this
> true?

That's exactly the problem. It's a bug, but as you'll see down below,
it's quite inconsequential at this point.

> What could I do, in a Sun-compliant way, to get the default route to
> automatically come up?

There's a _much_ better way of adding persistent static routes now in
Solaris. /etc/defaultrouter is a legacy hack, and we should eventually
get rid of it. In Solaris 11, you can use route(1M)'s -p option to make
routes persist. Just add -p to your route command above, and it will be
configured automatically at every boot. Incidentally, these static
routes are added after all interfaces on the system have been
configured, including tunnels.

-Seb
_______________________________________________
networking-discuss mailing list
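
An added example, not part of the original thread: a check that a boot-time or monitoring script could run to confirm the default route points at the tunnel peer, both in the live routing table and among the routes saved with `route -p`. The peer address 10.0.0.1 and both sample outputs are constructed; any extra default route (for example via rtls0) counts as a failure because it would let traffic bypass the tunnel.

```shell
#!/bin/sh
# Added example. TUNNEL_PEER and the sample outputs are constructed placeholders.
TUNNEL_PEER="10.0.0.1"   # assumed address of the firewall's ip.tun0 end

# Constructed sample of `netstat -rn -f inet` output.
SAMPLE_NETSTAT='Routing Table: IPv4
  Destination           Gateway           Flags  Ref     Use     Interface
-------------------- -------------------- ----- ----- ---------- ---------
default              10.0.0.1             UG        1          0 ip.tun0
192.168.1.0          192.168.1.20         U         1          4 rtls0
127.0.0.1            127.0.0.1            UH        1          0 lo0'

# Constructed sample of `route -p show` output.
SAMPLE_PERSIST='persistent: route add net default 10.0.0.1'

# Print the gateway of every live default route, one per line.
default_gateways() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $2 }'
}

# Print the gateway of every persistent default route: the token that
# follows "default", so both "add default" and "add net default" match.
persistent_gateways() {
    printf '%s\n' "$1" | awk '$1 == "persistent:" {
        for (i = 2; i < NF; i++) if ($i == "default") print $(i + 1) }'
}

# Succeed only if the list holds exactly one gateway and it is the expected one.
only_gateway_is() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# $1 = netstat text, $2 = `route -p show` text, $3 = expected tunnel peer
check_routes() {
    live=$(default_gateways "$1")
    saved=$(persistent_gateways "$2")
    only_gateway_is "$live" "$3" ||
        { echo "FAIL live default route(s): ${live:-none}"; return 1; }
    only_gateway_is "$saved" "$3" ||
        { echo "FAIL persistent default route(s): ${saved:-none}"; return 1; }
    echo "OK default route via $3 (live and persistent)"
}

# On a real host:
#   check_routes "$(netstat -rn -f inet)" "$(route -p show)" "$TUNNEL_PEER"
check_routes "$SAMPLE_NETSTAT" "$SAMPLE_PERSIST" "$TUNNEL_PEER"
```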