[Openswan dev] why pluto adds the leftsourceip to the ipsec device?

Roel van Meer rolek at bokxing.nl
Tue Feb 8 04:53:13 EST 2011

Wolfgang Nothdurft writes:

>> Since openswan 2.6.32 the leftsourceip is added with a /32 netmask, thus 
>> preventing any local routes to be added via the ipsec interface. This should 
>> fix the problem you have with losing access to your lan.

Sorry, this was a different problem.

>> Which version is it that you are experiencing this problem with?
> I use 2.6.29 with klips and I can't see any changes in 2.6.32.
> I think it is a problem with the query:
> 287     cidr=${PLUTO_MY_CLIENT##*/}
> 288     snet=${PLUTO_MY_SOURCEIP%/*}/32
> 289     if test "${PLUTO_PEER_CLIENT}" != "${cidr}"
> 290     then
> 291         snet=${PLUTO_MY_SOURCEIP%/*}/${cidr}
> 292     fi
> "${PLUTO_PEER_CLIENT}" != "${cidr}"  always differs
> mustn't it be
> "${PLUTO_PEER_CLIENT##*/}" != "${cidr}"
> but anyway why ipsec needs this local ip on the ipsec device?

I don't know - I never get any local IP addresses on my ipsec device, 
whether the netmasks match or not. But as far as I can see, it shouldn't be 
necessary at all.

How does your tunnel config look like?

Aside from this: do we have any details on this bug #66215?



More information about the Dev mailing list