On Thursday 07 August 2003 17:29, Noel Kelly wrote:
> I have been using Freeswan for several years without a problem but have
> run into an odd one setting up a new gateway with the Freeswan 1.99 RPM
> supplied with Suse 8.2.
>
> An ipsec whack --status keeps giving me this:
>
> 000 "kenham": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
> rekey_fuzz: 100%; keyingtries: 0
> 000 "kenham": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: ; unrouted
> 000 "kenham": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner:
> #0
>
> I have the 'interfaces=%defaultroute' line in the 'config setup' section
> and have also tried 'interfaces= ipsec0=eth0' to no avail. Just before
> I started this message I tried starting ipsec again and lo and behold
> the interface came up fine and connected to the other site. I stopped
> and started ipsec again and am now back to square one again.

Provide logs. Better yet, provide the output of the "ipsec barf" command as
the problem is occurring.

> Does anyone have any insight as to why the %defaultroute setting would
> work intermittently? What exactly is the mechanism it uses to decide
> which interface to hook on to?

Here's the code from 2.01's _startklips, (line 186):

    defaultinterface() {
        phys=`netstat -nr |
            awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'`
        if test " $phys" = " "
        then
            echo "no default route, %defaultroute cannot cope!!!"
            exit 1
        fi
        if test `echo " $phys" | wc -l` -gt 1
        then
            echo "multiple default routes, %defaultroute cannot cope!!!"
            exit 1
        fi
        next=`netstat -nr |
            awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $2 }'`
        klipsinterface "ipsec0=$phys" $next
    }

Basically, it parses the kernel routing table looking for a (single) route to
0.0.0.0/0. It's functioned intermittently for me when I've used it with pppoe
based interfaces; sometimes, the default route "goes away" and doesn't come
back. I've got a modified ip-up.local which ensures the default route is in
place before starting ipsec.
--
Sam Sgro
[EMAIL PROTECTED]
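
An added example, not part of the original message and not FreeS/WAN code: a pre-start check that applies the same `netstat -nr` match as `defaultinterface()` and waits until exactly one default route exists, the condition `%defaultroute` needs. The function names, the `ROUTE_CMD` and `ROUTE_WAIT` variables, and the sample routing table are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -nr` output (documentation addresses).
sample_routes() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.0.2.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.0.2.1       0.0.0.0         UG        0 0          0 eth0
EOF
}

# Classify the routing table on stdin with the same awk match that
# defaultinterface() uses. Prints one of:
#   none | multiple <count> | single <iface> <nexthop>
default_route_state() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { n++; ifc = $NF; gw = $2 }
         END {
             if (n == 0)     print "none"
             else if (n > 1) print "multiple " n
             else            print "single " ifc " " gw
         }'
}

# Poll until exactly one default route is present, or give up after $1
# attempts (default 10). ROUTE_CMD (hypothetical override) replaces
# `netstat -nr` so the logic can be exercised offline; ROUTE_WAIT is the
# delay in seconds between attempts.
wait_for_default_route() {
    tries=${1:-10}
    state=none
    while [ "$tries" -gt 0 ]; do
        state=`${ROUTE_CMD:-netstat -nr} | default_route_state`
        case "$state" in
            single*) echo "$state"; return 0 ;;
        esac
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] && sleep "${ROUTE_WAIT:-1}"
    done
    # Report the last state seen so the caller can log why it gave up.
    echo "$state"
    return 1
}
```

Called from a link-up hook before ipsec is started, a non-zero return together with `none` or `multiple <count>` tells you which of the two `%defaultroute` failure cases was hit.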