[Openswan Users] leftsourceip

Nick newsgroups at 2thebatcave.com
Wed Dec 7 07:13:17 CET 2005


Awesome, I guess that clears up all my questions.

Thanks,
nick

> Nick wrote:
>
>> I can't seem to confirm that behavior.  I have both sides set up with the
>> leftsourceip to the local internal ip address, but I have no problems
>> talking to public side.
>
> You are right. The behaviour Paul described is specific and IMHO incorrect
> behaviour of KLIPS. Netkey will allow communication without problems.
>
>> I have tried from a workstation to the public ip on the remote gateway,
>> and it works just fine and tcpdump says it is unencrypted.  I have also
>> tried from a gateway to the public ip on the other gateway, and I can
>> connect to it and tcpdump also says that I am doing it unencrypted as
>> well.
>
> Yes, you are right again, leftsourceip only changes the source IP of
> packets produced by the gw itself and destined for the remote network.
>>
>> I just can't find anything that doesn't work better by setting this
>> parameter.  What am I missing here?  Is there a test I could run that
>> might give me some insight?
>
> You are not missing anything but the main problem.
>
> Openswan can't really guess which ip to use as sourceip. That's why
> (left/right)sourceip= is a config-file parameter which won't be filled by
> automation. I don't know one case where it could be filled correctly by
> any automation.
>
> - --
> Tuomo Soini <tis at foobar.fi>
> Linux and network services
> +358 40 5240030
> Foobar Oy <http://foobar.fi/>