Description of problem: Network startup script (/etc/init.d/network) brings up ipsec tunnels before vlan (802.1Q) interfaces. While starting ipsec tunnel startup script fails to add route handling traffic between tunneled networks because tunneled network is not configured yet. Version-Release number of selected component (if applicable): initscripts-8.45.19.1.EL-1 Steps to reproducible: 0. network is stopped 1. configure WAN interface (ifcfg-eth0) DEVICE=eth0 BOOTPROTO=none ONBOOT=yes IPADDR=10.1.1.2 NETMASK=255.255.255.0 GATEWAY=10.1.1.1 TYPE=Ethernet 2. configure LAN interface on VLAN device (ifcfg-eth1.1) DEVICE=eth1.1 ONBOOT=yes BOOTPROTO=none TYPE=Ethernet IPADDR=10.10.1.1 NETMASK=255.255.255.0 VLAN=yes TYPE=Ethernet 3. configure IPSEC in tunnel mode (ifcfg-ipsec0) TYPE=IPSEC ONBOOT=yes IKE_METHOD=PSK AH_PROTO=none ESP_PROTO=aes SRC=10.1.1.10 DST=10.1.1.1 SRCNET=10.10.1.0/24 DSTNET=10.20.1.0/24 4. start network /etc/init.d/network start Actual results: #ip route 10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.2 10.10.1.0/24 dev eth1.1 proto kernel scope link src 10.10.1.1 default via 10.1.1.1 dev eth0 (routing to 10.20.1.0/24) is missing Expected results: #ip route 10.20.1.0/24 via 10.10.1.1 dev eth1.1 src 10.10.1.1 10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.2 10.10.1.0/24 dev eth1.1 proto kernel scope link src 10.10.1.1 default via 10.1.1.1 dev eth0
Created attachment 330107 [details] patch for this issue Does the atttached work for you?
yes, patch seems to correct the problem
initscripts-8.86.1-1 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/initscripts-8.86.1-1
initscripts-8.86.2-1 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/initscripts-8.86.2-1
initscripts-8.86.3-1 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
Please test the erratum candidate: http://people.redhat.com/harald/downloads/initscripts/initscripts-8.45.26.1.el5/
looks/works ok
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-1344.html