[Openswan dev] why pluto adds the leftsourceip to the ipsec device?

Roel van Meer rolek at bokxing.nl
Tue Feb 8 01:39:54 EST 2011

Wolfgang Nothdurft writes:

> as I reported in https://gsoc.xelerance.com/issues/1199 there is a
> problem when the netmask between the configured leftsubnet and the real
> local subnet differs.
> Another problem can be when doing an ifdown/up on the local interface
> which is not the ipsec base interface. Then the local route is added
> after the ipsec route and no access to the lan is possible.
> My general question is, why is there a need to add the leftsourceip to
> the ipsec device?

Since openswan 2.6.32 the leftsourceip is added with a /32 netmask, thus
preventing any local routes from being added via the ipsec interface. This
should fix the problem you have with losing access to your lan.

Which version is it that you are experiencing this problem with?


> Are the addsource and changesource functions in the updown script
> necessary nowadays, with actual systems?
> The doroute function adds a route to the remote net with the
> leftsourceip as src, so all traffic is getting the right sourceip, or
> are there some corner cases that I miss?
> Regards
> Wolfgang

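The effect of the /32 netmask described in the reply above, as an added example that is not part of the original messages or of Openswan's code: a simplified model of how a Linux host derives connected routes from interface addresses and picks the longest matching prefix. The interface names, the addresses and the wider /25 prefix (standing in for a leftsubnet netmask that differs from the real LAN netmask) are constructed assumptions.

```python
import ipaddress

def connected_routes(addresses):
    """Derive the subnet routes implied by (device, "addr/prefix") pairs.

    Simplified model: every address with a prefix shorter than /32 yields
    a connected route for its network; a /32 address yields none.
    """
    routes = []
    for dev, cidr in addresses:
        iface = ipaddress.ip_interface(cidr)
        if iface.network.prefixlen < 32:
            routes.append((iface.network, dev))
    return routes

def lookup(routes, dst):
    """Longest-prefix match; returns the egress device or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed sample: the gateway's real LAN interface and address.
LAN = ("eth1", "192.168.10.1/24")

def egress_for(sourceip_cidr, dst):
    """Device used to reach dst when the source IP is also put on ipsec0."""
    routes = connected_routes([LAN, ("ipsec0", sourceip_cidr)])
    return lookup(routes, dst)

if __name__ == "__main__":
    lan_host = "192.168.10.50"  # constructed LAN neighbour
    # Assumed mismatch: source IP added with a /25 while the LAN is a /24.
    print("/25 on ipsec0:", egress_for("192.168.10.1/25", lan_host))
    # Behaviour described in the reply: source IP added as a /32.
    print("/32 on ipsec0:", egress_for("192.168.10.1/32", lan_host))
```

With the /25, the more specific connected route on the ipsec device captures traffic for half of the LAN; with the /32 no subnet route exists on that device and the LAN route stays in effect.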