Why does pluto add the leftsourceip to the ipsec device?

Wolfgang Nothdurft
Mon Feb 7 11:10:19 EST 2011


As I reported in https://gsoc.xelerance.com/issues/1199, there is a
problem when the netmask between the configured leftsubnet and the real
local subnet differs.

Another problem can be when doing an ifdown/up on the local interface
which is not the ipsec base interface. Then the local route is added
after the ipsec route and no access to the lan is possible.

My general question is: why is there a need to add the leftsourceip to
the ipsec device?

Are the addsource and changesource functions in the updown script
necessary nowadays, with actual systems?
The doroute function adds a route to the remote net with the
leftsourceip as src, so all traffic gets the right sourceip, or
are there some corner cases that I am missing?


