[Openswan dev] why pluto adds the leftsourceip to the ipsec device?
Wolfgang Nothdurft
wolfgang at linogate.de
Tue Feb 8 04:35:24 EST 2011
On 08.02.2011 07:39, Roel van Meer wrote:
> Wolfgang Nothdurft writes:
>
>> as I reported in https://gsoc.xelerance.com/issues/1199 there is a
>> problem when the netmask between the configured leftsubnet and the real
>> local subnet differs.
>>
>> Another problem can be when doing an ifdown/up on the local interface
>> which is not the ipsec base interface. Then the local route is added
>> after the ipsec route and no access to the lan is possible.
>>
>> My general question is, why is there a need to add the leftsourceip to
>> the ipsec device?
>
> Since openswan 2.6.32 the leftsourceip is added with a /32 netmask, thus
> preventing any local routes from being added via the ipsec interface. This should
> fix the problem you have with losing access to your lan.
>
> Which version is it that you are experiencing this problem with?

I use 2.6.29 with klips and I can't see any changes in 2.6.32.

I think it is a problem with the query:

    cidr=${PLUTO_MY_CLIENT##*/}
    snet=${PLUTO_MY_SOURCEIP%/*}/32
    if test "${PLUTO_PEER_CLIENT}" != "${cidr}"
    then
        snet=${PLUTO_MY_SOURCEIP%/*}/${cidr}
    fi

"${PLUTO_PEER_CLIENT}" != "${cidr}" always differs.

Shouldn't it be

    "${PLUTO_PEER_CLIENT##*/}" != "${cidr}"

But anyway, why does ipsec need this local IP on the ipsec device?

Regards
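
The comparison discussed in the message above, as an added example that is not part of the original post or of Openswan's own script: two shell functions reproduce the posted lines and the variant the poster proposes, taking the three PLUTO_* values as arguments. The function names and all sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: function names and sample values are constructed.
# Arguments: $1 = PLUTO_MY_CLIENT, $2 = PLUTO_MY_SOURCEIP, $3 = PLUTO_PEER_CLIENT

# The lines as posted: the full peer client string ("net/len") is compared
# with a bare prefix length, so the test is true for any "net/len" value
# and the /32 default is always overwritten.
snet_as_posted() {
    PLUTO_MY_CLIENT=$1
    PLUTO_MY_SOURCEIP=$2
    PLUTO_PEER_CLIENT=$3
    cidr=${PLUTO_MY_CLIENT##*/}
    snet=${PLUTO_MY_SOURCEIP%/*}/32
    if test "${PLUTO_PEER_CLIENT}" != "${cidr}"
    then
        snet=${PLUTO_MY_SOURCEIP%/*}/${cidr}
    fi
    echo "$snet"
}

# The comparison proposed in the message: prefix length against prefix length.
snet_as_proposed() {
    PLUTO_MY_CLIENT=$1
    PLUTO_MY_SOURCEIP=$2
    PLUTO_PEER_CLIENT=$3
    cidr=${PLUTO_MY_CLIENT##*/}
    snet=${PLUTO_MY_SOURCEIP%/*}/32
    if test "${PLUTO_PEER_CLIENT##*/}" != "${cidr}"
    then
        snet=${PLUTO_MY_SOURCEIP%/*}/${cidr}
    fi
    echo "$snet"
}

# Constructed sample values: local client 192.168.1.0/24, source IP 192.168.1.1.
for peer in 192.168.2.0/24 10.0.0.0/8 172.16.5.0/24
do
    printf '%-16s posted=%-16s proposed=%s\n' "$peer" \
        "$(snet_as_posted 192.168.1.0/24 192.168.1.1 "$peer")" \
        "$(snet_as_proposed 192.168.1.0/24 192.168.1.1 "$peer")"
done
```

With these inputs the posted comparison never leaves the source IP at /32, while the proposed one does so whenever both prefix lengths match.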