[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Solaris 8 + IPsec tunnel + ipf = panic
From:       "bsd unix" <bsdunix () mail ! com>
Date:       2003-02-28 20:51:53
[Download RAW message or body]

> I wrote:
> >panic: ptl1 trap reason 0x2
> >
> >panicsys(104236b0,1040c278,104082a8,78002000,0,f) + 44
> >vpanic(104082a8,1040c278,31,0,2a1,30000f41d70) + cc
> >panic(104082a8,2,0,0,0,2a382c0) + 1c
> >sys_tl1_panic(5f029f61b8,2a100041fc8,0,120,0,0) + 8
> >fr_qout(1,78037868,20,102eb154,0,3000110db18) + 400

Casper.Dik@Sun.COM wrote:
> Stack overflows in  the scenario do not happen because lack of
> stack but because the algorithms goes into a loop,
> recursing on the stack.

I had a feeling that was the problem  :)

> I've had that happen when something goes wrong, routing
> wise.  I do *not* use two default routes myself; rather a handfu;
> of "preferred routes" plus one default route.
> 
> What exact rules do you use?  You need to explicitely forward
> to the first hop router on the other interface.

That should match what I have (where the .1's are routers):

pass out quick on hme2 to hme0:10.1.1.1 from 10.1.1.2 to any
pass out quick on hme0 to hme2:10.2.2.1 from 10.2.2.2 to any
[snip bunch of simple block rules]

The tunnel runs over one of the default routes.  I add a static
route on one endpoint to direct the vpn traffic through the tunnel.

Thanks very much for the quick response!!  If there's any more 
information I can provide, please let me know.

-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

[prev in list] [next in list] [prev in thread] [next in thread]