[Openswan Users] IP address remains for ipsec interface after stopping openswan

Sandor Geller wildy at balabit.hu
Tue May 2 13:31:51 CEST 2006


I encountered the following problem:

With openswan 2.4.5 I'm using an IP alias for the ipsec0 interface. When
I start openswan everything works. However when I stop openswan and
deconfigure the ip alias from the ethernet iterface, the IP address
remains for the ipsec0 interface and the system still responds to ARP
requests, which is my problem - especially because the system is part of
a failover cluster.

As a workaround I set arp_filter to 1, and so far it works.

Is this the intended behaviour? Older (1.x) Openswan versions deleted
the ipsec interfaces while stopping.


Sandor Geller
wildy at balabit.hu

More information about the Users mailing list