[Openswan Users] leftsourceip

Nick newsgroups at 2thebatcave.com
Mon Dec 5 21:18:49 CET 2005


> the parameter changes the default source address used between the two ipsec
> endpoints. If those servers are expecting to talk on their public IP
> addresses (e.g. ldap replication or something) then those communications
> will fail. Also, imagine one of the servers is a DNS server on the public ip,
> you won't be able to talk to it from the other end. You need to change it
> to talk to the private IP instead, since no cleartext packets are allowed
> between the hosts once crypto is set up for them.

I can't seem to confirm that behavior.  I have both sides set up with the
leftsourceip to the local internal ip address, but I have no problems
talking to the public side.

I have tried from a workstation to the public ip on the remote gateway,
and it works just fine and tcpdump says it is unencrypted.  I have also
tried from a gateway to the public ip on the other gateway, and I can
connect to it and tcpdump also says that I am doing it unencrypted as
well.

I just can't find anything that doesn't work better by setting this
parameter.  What am I missing here?  Is there a test I could run that
might give me some insight?

