[Openswan Users] leftsourceip
newsgroups at 2thebatcave.com
Mon Dec 5 21:18:49 CET 2005
> the parameter changes the default source address used between the two ipsec
> endpoints. If those servers are expecting to talk on their public IP
> addresses (eg ldap replication or something) then those communications
> fail. Also, imagine one of the servers is a DNS server on the public ip,
> you won't be able to talk to it from the other end. You need to change it
> to talk to the private IP instead, since no cleartext packets are allowed
> between the hosts once crypto is set up for them.
I can't seem to confirm that behavior. I have both sides set up with the
leftsourceip to the local internal ip address, but I have no problems
talking to the public side.
I have tried from a workstation to the public ip on the remote gateway,
and it works just fine and tcpdump says it is unencrypted. I have also
tried from a gateway to the public ip on the other gateway, and I can
connect to it and tcpdump also says that I am doing it unencrypted as
I just can't find anything that doesn't work better by setting this
parameter. What am I missing here? Is there a test I could run that
might give me some insight?