[Openswan Users] Interface weirdness

Leander Koornneef leander at ic-s.nl
Mon Apr 18 13:17:39 CEST 2005


Hi,

I'm seeing some strange things happening using openswan 2.2.0 on
Debian/Woody with kernel 2.4.27 and also using openswan 2.3.1 with kernel
2.4.30.
We are in the process of making the WAN at one of our clients redundant
and the two endpoints (let's call them left and right :-) ) are both
connected to two different ISPs.

              LEFT                                          RIGHT
connA:        ipsec0/eth0/1.1.1.1 ========================= 2.2.2.2/eth0:0/ipsec0

connB:        ipsec1/eth3/3.3.3.3 ========================= 4.4.4.4/eth0:1/ipsec1

Both these tunnels work, which means I can 'ping -I 1.1.1.1 2.2.2.2' and
'ping -I 3.3.3.3 4.4.4.4' and vice versa. 
As you can see, on the left side, ipsec0 and ipsec1 are on separate
physical interfaces, whereas on the right side we're using aliases on one
physical interface.
So now for the strangeness:

When I do 'ping -I 1.1.1.1 2.2.2.2', I see traffic passing through the
ipsec0 interfaces on both sides (using tcpdump).
When I do 'ping -I 3.3.3.3 4.4.4.4', I see traffic passing through ipsec1
on the left side. On the right side however, I see incoming traffic
passing through ipsec0 and outgoing traffic passing through ipsec1.....
It seems to me that this right-side traffic should only pass through
ipsec1?

I have no other explanation for this than a possible bug in openswan
(unless the setup using aliases is not supported).
(It might be a bug in libpcap, but I can block the right-side ipsec0
traffic with iptables, so that's not very likely)

Keep up the good work!

regards,

Leander

--
IC&S B.V.
Stadhouderslaan 57
3583 JD Utrecht
http://www.ic-s.nl

Phone: +31 30 6355730
Fax: +31 30 6355731
E-mail: leander at ic-s.nl


