[Openswan Users] leftsourceip

Tuomo Soini tis at foobar.fi
Wed Dec 7 15:03:51 CET 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nick wrote:

> I can't seem to confirm that behavior.  I have both sides set up with the
> leftsourceip to the local internal ip address, but I have no problems
> talking to public side.

You are right. The behaviour Paul described is specific, and IMHO incorrect,
behaviour of KLIPS. Netkey will allow communication without problems.

> I have tried from a workstation to the public ip on the remote gateway,
> and it works just fine and tcpdump says it is unencrypted.  I have also
> tried from a gateway to the public ip on the other gateway, and I can
> connect to it and tcpdump also says that I am doing it unencrypted as
> well.

Yes, you are right again, leftsourceip only changes the source ip of
packets produced by the gw itself and destined for the remote network.
> 
> I just can't find anything that doesn't work better by setting this
> parameter.  What am I missing here?  Is there a test I could run that
> might give me some insight?

You are not missing anything but the main problem.

Openswan can't really guess which ip to use as sourceip. That's why
(left/right)sourceip= is a config-file parameter which won't be filled by
automation. I don't know one case where it could be filled correctly by
any automation.

- --
Tuomo Soini <tis at foobar.fi>
Linux and network services
+358 40 5240030
Foobar Oy <http://foobar.fi/>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Foobar - http://enigmail.mozdev.org

iD8DBQFDlt23TlrZKzwul1ERApVNAKCSg5x8mH9ytqaE10EbP7STBQma5QCdFYz2
wtA+GT5llrztCPzw/ILuSvY=
=TB33
-----END PGP SIGNATURE-----
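
An added illustration, not part of the original message: a connection definition showing where leftsourceip sits relative to the tunnel's subnets. The conn name, the addresses (documentation and private ranges) and the authby/auto settings are constructed assumptions.

```conf
# /etc/ipsec.conf fragment (constructed example; conn name and addresses are assumptions)
conn site-a-to-site-b
    # Local gateway: public address and the internal subnet behind it
    left=192.0.2.1
    leftsubnet=10.1.0.0/24
    # Internal address of this gateway. It becomes the source address of
    # packets the gateway itself sends to rightsubnet, so they fall inside
    # the 10.1.0.0/24 <-> 10.2.0.0/24 tunnel policy. It has to be set by
    # hand; Openswan does not derive it.
    leftsourceip=10.1.0.1
    # Remote gateway and the subnet behind it
    right=198.51.100.1
    rightsubnet=10.2.0.0/24
    authby=secret
    auto=start
    # Not affected by leftsourceip:
    #  - hosts in 10.1.0.0/24 talking to 10.2.0.0/24 (already inside the policy)
    #  - any traffic to the peer's public address 198.51.100.1, which stays
    #    outside the tunnel and shows up unencrypted in tcpdump
```

On the gateway, `ip route get 10.2.0.10` shows which source address the kernel selects for its own traffic to the remote subnet.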

