[Openswan dev] why pluto adds the leftsourceip to the ipsec device?
Wolfgang Nothdurft
wolfgang at linogate.de
Tue Feb 8 07:58:24 EST 2011
On 08.02.2011 10:53, Roel van Meer wrote:
> Wolfgang Nothdurft writes:
>
>>> Since openswan 2.6.32 the leftsourceip is added with a /32 netmask,
>>> thus preventing any local routes from being added via the ipsec interface.
>>> This should fix the problem you have with losing access to your lan.
>
> Sorry, this was a different problem.
>
>>> Which version is it that you are experiencing this problem with?
>>
>> I use 2.6.29 with klips and I can't see any changes in 2.6.32.
>>
>> I think it is a problem with the query:
>>
>> cidr=${PLUTO_MY_CLIENT##*/}
>> snet=${PLUTO_MY_SOURCEIP%/*}/32
>> if test "${PLUTO_PEER_CLIENT}" != "${cidr}"
>> then
>>     snet=${PLUTO_MY_SOURCEIP%/*}/${cidr}
>> fi
>>
>>
>> "${PLUTO_PEER_CLIENT}" != "${cidr}" always differs
>>
>> mustn't it be
>>
>> "${PLUTO_PEER_CLIENT##*/}" != "${cidr}"
>>
>> but anyway, why does ipsec need this local IP on the ipsec device?
>
> I don't know - I never get any local IP addresses on my ipsec device,
> whether the netmasks match or not. But as far as I can see, it shouldn't
> be necessary at all.
The local IP is only set if you add
leftsourceip=
to your config.
Wolfgang
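
The comparison discussed in the quoted message above, as an added example that is not part of the original post or of Openswan's own scripts: it runs the quoted lines and the proposed comparison side by side to show which netmask each puts on the source IP. The function names `snet_quoted` and `snet_proposed` are hypothetical, and all addresses are constructed sample values.

```shell
#!/bin/sh
# Added example. Arguments stand in for PLUTO_MY_CLIENT, PLUTO_PEER_CLIENT
# and PLUTO_MY_SOURCEIP; the values used below are constructed.

# snet as computed by the quoted lines: the full peer client ("net/len")
# is compared against the bare prefix length of the local client.
snet_quoted() {
    my_client=$1
    peer_client=$2
    my_sourceip=$3
    cidr=${my_client##*/}              # "192.168.1.0/24" -> "24"
    snet=${my_sourceip%/*}/32
    if test "${peer_client}" != "${cidr}"
    then
        snet=${my_sourceip%/*}/${cidr}
    fi
    printf '%s\n' "$snet"
}

# Same logic with the comparison proposed in the message: only the
# prefix length of the peer client is compared.
snet_proposed() {
    my_client=$1
    peer_client=$2
    my_sourceip=$3
    cidr=${my_client##*/}
    snet=${my_sourceip%/*}/32
    if test "${peer_client##*/}" != "${cidr}"   # "10.0.2.0/24" -> "24"
    then
        snet=${my_sourceip%/*}/${cidr}
    fi
    printf '%s\n' "$snet"
}

# Constructed cases: equal prefix lengths, then different prefix lengths.
for peer in 10.0.2.0/24 10.0.0.0/16
do
    printf 'peer=%s quoted=%s proposed=%s\n' "$peer" \
        "$(snet_quoted 192.168.1.0/24 "$peer" 192.168.1.1)" \
        "$(snet_proposed 192.168.1.0/24 "$peer" 192.168.1.1)"
done
```

With the quoted comparison the /32 default never survives, because a string of the form `net/len` can never equal a bare prefix length; with the proposed comparison it survives only when both prefix lengths are equal.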