[Openswan Users] multiple disjoint private subnets
Herbert Xu
herbert at gondor.apana.org.au
Fri Jul 9 08:37:31 CEST 2004
David Mattes <david.mattes at boeing.com> wrote:
>
> How do I get all traffic to flow through the ipsec interface with a
> source ip address specified by leftsourceip? I thought it would be
> rightsubnet=0.0.0.0/0. If I use this description, I don't get packets
> leaving with the correct source address, and ip route show has the entry
> (should have a src address entry):
> 0.0.0.0/1 via 130.42.32.1 dev ipsec0
That's because updown doesn't set the source address or table when
the route is for 0.0.0.0/0. I don't see why that should be the case.
So how about this patch?
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
Index: programs/_updown/_updown.ip2.in
===================================================================
RCS file: /public/cvs/openswan-2/programs/_updown/_updown.ip2.in,v
retrieving revision 1.11
diff -u -r1.11 _updown.ip2.in
--- programs/_updown/_updown.ip2.in 1 Jun 2004 13:30:57 -0000 1.11
+++ programs/_updown/_updown.ip2.in 8 Jul 2004 21:40:42 -0000
@@ -321,8 +321,8 @@
# opportunistic encryption work around
# need to provide route that eclipses default, without
# replacing it.
- it="ip route $1 0.0.0.0/1 $parms2 &&
- ip route $1 128.0.0.0/1 $parms2"
+ it="ip route $1 0.0.0.0/1 $parms2 $parms3 &&
+ ip route $1 128.0.0.0/1 $parms2 $parms3"
;;
*) it="ip route $1 $parms $parms2 $parms3"
;;
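Review bot: the comment above the 0.0.0.0/1 and 128.0.0.0/1 routes still describes only the eclipse-the-default workaround, so it should gain a line saying that both halves now take $parms3, as the "*)" branch does. The hunk does not show where $parms3 is built: check that it expands to nothing, or to valid arguments, when no leftsourceip is configured, since its contents are now appended to both ip route commands. Because the same string is used with whatever verb arrives in $1, also confirm that $parms3 comes out identical when the routes are removed, so the removal matches the routes that were added.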