[Openswan dev] why pluto adds the leftsourceip to the ipsec device?
Roel van Meer
rolek at bokxing.nl
Tue Feb 8 01:39:54 EST 2011
Wolfgang Nothdurft writes:
> as I reported in https://gsoc.xelerance.com/issues/1199 there is a
> problem when the netmask between the configured leftsubnet and the real
> local subnet differs.
> Another problem can be when doing an ifdown/up on the local interface
> which is not the ipsec base interface. Then the local route is added
> after the ipsec route and no access to the lan is possible.
> My general question is, why is there a need to add the leftsourceip to
> the ipsec device?

Since openswan 2.6.32 the leftsourceip is added with a /32 netmask, thus
preventing any local routes from being added via the ipsec interface. This
should fix the problem you have with losing access to your lan.
Which version is it that you are experiencing this problem with?

> Are the addsource and changesource functions in the updown script
> necessary nowadays, with actual systems?
> The doroute function adds a route to the remote net with the
> leftsourceip as src, so all traffic is getting the right sourceip, or
> are there some corner cases that I miss?