Article Content
Article Number | 000017543 |
Applies To | RSA Product Set: SecurID RSA Product/Service Type: RSA Authentication Manager RSA Version/Condition: 8.1 Service Pack 1 Platform: SUSE Enterprise Linux O/S Version: 11 Service Pack 3 |
Issue | How to add static route in RSA Authentication Manager AM 8.0 or 8.1 The static routes added by command "route add" don't work. |
Resolution | The static routes need to be added into both /etc/sysconfig/network/routes and /etc/sysconfig/network/ifroute-eth0 (and/or /etc/sysconfig/network/ifroute-eth1 if the second NIC is enabled in AM 8.0/8.1) files. Then "service network restart". The entries in the routing configuration files look like this:
To omit GATEWAY, NETMASK, PREFIXLEN, or INTERFACE, write - instead. The entries TYPE and OPTIONS may just be omitted.
The entries in the routing configuration files look like this:
https://www.suse.com/documentation/sles11/book_sle_admin/data/sec_basicnet_manconf.html |
Workaround | The AM 8.1.1 Admin Guide gives slightly different method to add static route, with Teth0 table or corresponding Table Here is a synopsis example of what the manual says to do; |
Notes | Pri = 192.168.1.84 DefGW = 192.168.1.61 remote net = 10.53.69.0 remote net GW = 192.168.1.92 all net masks = 255.255.255.0 sudo bash -c "echo '10.53.69.0 192.168.1.92 255.255.255.0 eth0' >> /etc/sysconfig/network/ifroute-eth0" sudo bash -c "echo '10.53.69.0 192.168.1.92 255.255.255.0 eth0 table Teth0' >> /etc/sysconfig/network/ifroute-eth0 table Teth0" sudo service network restart Note: it appears that the table Teth0 entry is used by Java applications such as openssl and Authentication Manager because if you only configure the first entry without the table Teth0, commands like ping will use the static route while java applications like openssl and AM will use the default route. This will be very confusing Errors received: "RTNETLINK answers: Invalid argument" is received if the bit in the IP address is not zero where the network mask is zero. Example: NETMASK=255.255.255.0 with DESTINATION ADDRESS=172.202.238.108 The "108" in the address needs to be replaced with 0 or replace the network mask with 255.255.255.255. |
Legacy Article ID | a67015 |