Hello, On Mon, 25 Jun 2007, Seba Tiponut wrote: > I use Julian Anastasov 'routes' (to be more specific: static_routes, > alt_routes and nf_reroute) patches on a 2.4.32 kernel. On the same host I run > IPSec. I have discovered after a few hours of networking problems that, > when IPSec is enabled on that patched kernel, inspecting packets with tcpdump > while arping-ing a host from a network physically connected to this machine, > the arp requests show up on the ipsecX interface instead of the ethX > interface. When IPSec isn't running, Julian's code works fine. I suspect it > has something to do with having two interfaces with the same data (ipsecX > mirroring the configuration from ethX). > Can anyone give me a hint on how could I solve this problem? I've googled a > long time to no avail and I don't have the necessary skills to debug the > networking code from kernel. May be you have to replace your _updown script with one that supports "ip route" and "ip rule" commands instead of the old "route" tool. By this way you can use "ip rule ... from LNET to RNET" to properly route traffic for the negotiated subnets. If I remember correctly, the default _updown script does not consider negotiated LNET at all. As for routes patch, it will prefer NOARP devices when the neighbours on ARP device are not marked as reachable in ARP cache. So, it is risky to rely on wrong routes, especially after routes patch is applied. Regards -- Julian Anastasov <ja@xxxxxx> _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc