[Openswan dev] why pluto adds the leftsourceip to the ipsec device?
Roel van Meer
rolek at bokxing.nl
Tue Feb 8 04:53:13 EST 2011
Wolfgang Nothdurft writes:
>> Since openswan 2.6.32 the leftsourceip is added with a /32 netmask, thus
>> preventing any local routes from being added via the ipsec interface. This should
>> fix the problem you have with losing access to your lan.
Sorry, this was a different problem.
>> Which version is it that you are experiencing this problem with?
>
> I use 2.6.29 with klips and I can't see any changes in 2.6.32.
>
> I think it is a problem with the query:
>
> cidr=${PLUTO_MY_CLIENT##*/}
> snet=${PLUTO_MY_SOURCEIP%/*}/32
> if test "${PLUTO_PEER_CLIENT}" != "${cidr}"
> then
>     snet=${PLUTO_MY_SOURCEIP%/*}/${cidr}
> fi
>
>
> "${PLUTO_PEER_CLIENT}" != "${cidr}" always differs
>
> mustn't it be
>
> "${PLUTO_PEER_CLIENT##*/}" != "${cidr}"
>
> but anyway, why does ipsec need this local IP on the ipsec device?
I don't know - I never get any local IP addresses on my ipsec device,
whether the netmasks match or not. But as far as I can see, it shouldn't be
necessary at all.
What does your tunnel config look like?
Aside from this: do we have any details on this bug #66215?
Regards,
Roel
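
Added example, not part of the original message or of the Openswan updown script: the quoted comparison and the proposed one run side by side, to show which netmask each puts on the source IP. It assumes PLUTO_MY_CLIENT and PLUTO_PEER_CLIENT are in "network/bits" form; the helper name compute_snet and all addresses are constructed for illustration.

```shell
#!/bin/sh
# compute_snet MODE MY_CLIENT PEER_CLIENT MY_SOURCEIP
# MODE "quoted"   compares the whole PLUTO_PEER_CLIENT with the mask bits.
# MODE "proposed" compares only the mask bits of PLUTO_PEER_CLIENT.
# Runs in a subshell ( ... ) so the sample variables do not leak.
compute_snet() (
    mode=$1
    PLUTO_MY_CLIENT=$2
    PLUTO_PEER_CLIENT=$3
    PLUTO_MY_SOURCEIP=$4

    cidr=${PLUTO_MY_CLIENT##*/}          # mask bits of the local client net
    snet=${PLUTO_MY_SOURCEIP%/*}/32      # default: host route only

    case $mode in
        quoted)   lhs=${PLUTO_PEER_CLIENT} ;;       # e.g. "10.0.2.0/24"
        proposed) lhs=${PLUTO_PEER_CLIENT##*/} ;;   # e.g. "24"
        *) echo "unknown mode: $mode" >&2; exit 2 ;;
    esac

    if test "${lhs}" != "${cidr}"
    then
        snet=${PLUTO_MY_SOURCEIP%/*}/${cidr}
    fi
    printf '%s\n' "${snet}"
)

# Constructed sample values: local net, peer net, local source IP.
for peer in 10.0.2.0/24 10.0.0.0/16
do
    for mode in quoted proposed
    do
        printf '%-9s peer=%-12s snet=%s\n' "$mode" "$peer" \
            "$(compute_snet "$mode" 192.168.1.0/24 "$peer" 192.168.1.1)"
    done
done
```

With the quoted comparison the /32 default is never kept for a "network/bits" peer value, so the source IP always gets the local client netmask.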