David T Hollis
2003-11-11 14:31:35 UTC
I recently managed to get the Linux 2.6 IPSEC up and running using the
ipsec-tools RPM that was briefly in Rawhide. While converting to use
the support that is in initscripts for IPSEC, I noticed that the scripts
attempt to create an IP route:
ip route add to $DSTNET via $DST
if it's a tunnel connection. In my scenario (which I think is the
pretty typical scenario of LAN_A -> gw1 -> Internet <- gw2 <- LAN_B),
that call fails with: RTNETLINK answers: Network is unreachable. This
call is failing because $DST is not on my local network so it can't be
the next hop. I've found that the scripts work fine with that line
erroring out or commented out so it is innocuous. Just curious as to
what the reasoning was for that statement.
Otherwise, thanks a bunch for putting the support into initscripts,
really cuts down on a lot of work!
ipsec-tools RPM that was briefly in Rawhide. While converting to use
the support that is in initscripts for IPSEC, I noticed that the scripts
attempt to create an IP route:
ip route add to $DSTNET via $DST
if it's a tunnel connection. In my scenario (which I think is the
pretty typical scenario of LAN_A -> gw1 -> Internet <- gw2 <- LAN_B),
that call fails with: RTNETLINK answers: Network is unreachable. This
call is failing because $DST is not on my local network so it can't be
the next hop. I've found that the scripts work fine with that line
erroring out or commented out so it is innocuous. Just curious as to
what the reasoning was for that statement.
Otherwise, thanks a bunch for putting the support into initscripts,
really cuts down on a lot of work!