[Openswan dev] [Commits] [OPENSWAN.git] Changes to ref refs/heads/master

Paul Wouters paul at xelerance.com
Mon Nov 22 17:22:46 EST 2010


On Mon, 22 Nov 2010, Michael Richardson wrote:

>>>>>> "Paul" == Paul Wouters <paul at vault.xelerance.com> writes:
>    Paul>     Do not configure an IP address for mast interface. We
>    Paul> route into it using the route 50 table from the main routing
>    Paul> table.
>
> I think this should be the default, but you want to optionally do this.
>
> The remote-access situation where the IP address is assigned from the
> remote pool (i.e. 192.168.1.yourlaptop) should have that IP on some
> interface, right?

Yes, but that should then be done in _updown.mast?

Currently, this was being done at bootup in init_useful_mast() so there
was no way to not have an IP address there. And at times it would be a
wrong one, causing packet flow issues.

One problem with assigning IPs to interfaces (as is currently also done
with XAUTH) is that we don't track which IPs we added, so we can also not
remove IPs when done. This causes potentially harmful clutter on the
interface.

One way of tracking this could be the ipsec.info file, but I think that
file is best obliterated completely.

Paul

