(E-Mail Removed) wrote:
> I have a box with a virtual interface that terminates IPSec tunnels.
> This interface used to use an IP Address within the same subnet as the
> addresses assigned to the users' end of the IPSec tunnel. Design
> changes have forced me to change my virtual interface on the hub end to
> use a loopback address. Now, gated gives me errors when those
> endpoints send their RIP updates down.
>
> Mar 16 12:57:10 rip_recv: ignoring RIP Response packet from 10.255.17.223+520 - not on same net
> Mar 16 12:57:10 rip_recv: ignoring RIP Response packet from 10.255.16.215+520 - not on same net
> Mar 16 12:57:10 rip_recv: ignoring RIP Response packet from 10.255.17.152+520 - not on same net
> Mar 16 12:57:10 rip_recv: ignoring RIP Response packet from 10.255.16.193+520 - not on same net
> Mar 16 12:57:10 rip_recv: ignoring RIP Response packet from 10.255.16.91+520 - not on same net
>
> How do I tell gated that these routes MUST be learned from my virtual
> interface (vn0)? If possible, I need to be able to do this generically
> (without specifying actual subnets if possible). I then need to send
> these routes out eth1.
>
> Thanks,
> Jim
>

Fix your design.

It is normal for tunnels to be treated the same way as point-to-point
WAN links - assign a subnet with a 255.255.255.252 mask to the tunnel,
and give each end one of the two allowable host numbers on that subnet.
e.g. 10.11.12.12 255.255.255.252 allows 4 host addresses:
10.11.12.12 - 10.11.12.15. The first and last cannot be used as host
addresses, but the middle 2 (13 & 14) can.

When gated receives RIP updates from another router that is on the
SAME SUBNET AS THE RECEIVING INTERFACE, then it will accept them.
Updates from a different subnet are (must be) ignored, treating them as
though coming from crossed lines.

Steve.
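
The same-net check described in the reply, modelled in Python over the log lines from the question. This is an added example, not gated's code and not part of the original posts. The two vn0 addresses (`OLD_VN0`, `NEW_VN0`) are assumptions, since neither post gives them.

```python
import ipaddress
import re

# Log lines from the question (wrapped lines rejoined).
LOG = """\
Mar 16 12:57:10 rip_recv: ignoring RIP Response packet from 10.255.17.223+520 - not on same net
Mar 16 12:57:10 rip_recv: ignoring RIP Response packet from 10.255.16.215+520 - not on same net
Mar 16 12:57:10 rip_recv: ignoring RIP Response packet from 10.255.17.152+520 - not on same net
Mar 16 12:57:10 rip_recv: ignoring RIP Response packet from 10.255.16.193+520 - not on same net
Mar 16 12:57:10 rip_recv: ignoring RIP Response packet from 10.255.16.91+520 - not on same net
"""

# Assumed addresses (not given in the thread):
OLD_VN0 = "10.255.16.1/23"   # vn0 inside the tunnel users' subnet
NEW_VN0 = "192.0.2.1/32"     # vn0 moved to a loopback-style host address

SRC_RE = re.compile(r"RIP Response packet from (\d+\.\d+\.\d+\.\d+)\+\d+")

def rip_sources(log_text):
    """Extract the sender address from each rip_recv log line."""
    return [m.group(1) for m in SRC_RE.finditer(log_text)]

def accepts(iface, source):
    """True if `source` lies inside the receiving interface's subnet."""
    network = ipaddress.ip_interface(iface).network
    return ipaddress.ip_address(str(source)) in network

def tunnel_ends(subnet):
    """Return the two usable host addresses of a /30 tunnel subnet."""
    net = ipaddress.ip_network(subnet)
    if net.prefixlen != 30:
        raise ValueError("point-to-point tunnel subnet must be a /30")
    # hosts() skips the network and broadcast addresses.
    return tuple(str(h) for h in net.hosts())

if __name__ == "__main__":
    for src in rip_sources(LOG):
        print(src,
              "old vn0:", "accept" if accepts(OLD_VN0, src) else "ignore",
              "| new vn0:", "accept" if accepts(NEW_VN0, src) else "ignore")
    # The /30 from the reply: 255.255.255.252 on 10.11.12.12
    print("tunnel ends:", tunnel_ends("10.11.12.12/30"))
```
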