[Openswan Users]
Paul Wouters
paul at xelerance.com
Tue May 2 16:11:54 CEST 2006
On Tue, 2 May 2006, Sandor Geller wrote:
> I encountered the following problem:
>
> With openswan 2.4.5 I'm using an IP alias for the ipsec0 interface. When
> I start openswan everything works. However when I stop openswan and
> deconfigure the ip alias from the ethernet iterface, the IP address
> remains for the ipsec0 interface and the system still responds to ARP
> requests, which is my problem - especially because the system is part of
> a failover cluster.
>
> As a workaround I set arp_filter to 1, and so far it works.
>
> Is this the intended behaviour? Older (1.x) Openswan versions deleted
> the ipsec interfaces while stopping.
There were problems in the past with unloading the klips module, so that
was disabled.
Though you are right, we should unload it again, since without any loaded
stack it will try klips first. I will make the change for 2.4.6.
Openswan-2.5 will have a configuration option for which stack to use.
Paul
More information about the Users
mailing list