[Openswan Users] How to bind ipsec0 to IP address on multihomed NIC

Ferdinand O. Tempel ftempel at linuxops.net
Fri May 5 22:37:37 CEST 2006


On Fri, 2006-05-05 at 10:03 -0400, Brian Gorby wrote:
> We are connecting two LAN gateways, road-warrior to static.
> 
> On the static side, a LEAF router, two IP addresses are configured for 
> the eth0 interface - one IP address is dynamically assigned while the 
> other is a VIP.
> 
> # ip addr show eth0
> 3: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP> mtu 1450 qdisc tbf qlen 1000
>      link/ether 00:b0:d0:44:e3:e0 brd ff:ff:ff:ff:ff:ff
>      inet x.x.x.139/25 brd x.x.x.255 scope global eth0
>      inet x.x.x.117/24 brd x.x.x.255 scope global eth0
> 
> 
> The problem is that when ipsec0 binds to %defaultroute (eth0), it binds 
> specifically to the dynamic address (.139). We are trying to figure out 
> how to get it to bind to the VIP (.117).
> 
> # ip addr show ipsec0
> 65: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
>      link/ether 00:b0:d0:44:e3:e0 brd ff:ff:ff:ff:ff:ff
>      inet x.x.x.139/25 brd 64.211.170.255 scope global ipsec0
> 
> 
> Any help or points in the right direction would be greatly appreciated.

Find out the virtual interface the IP belongs to with ifconfig instead
of using ip. My guess: eth0:1. Then tell openswan to bind to that
interface: interfaces="ipsec0=eth0:1"

HTH

Regards,

Ferdinand O. Tempel
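
The lookup suggested in the reply, as an added example that is not part of the original message: it reads `ip addr show` output, finds the label on the line carrying the wanted address, and prints the matching `interfaces=` line for `config setup`. The function names and the sample addresses (documentation ranges) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Print the label on the "inet" line that carries address $1, reading
# `ip addr show` output on stdin. The label is the last field of that
# line (for example eth0 or eth0:1). Exit status 1 if no line matches.
label_for_addr() {
    awk -v want="$1" '
        $1 == "inet" {
            split($2, a, "/")
            if (a[1] == want) { print $NF; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    '
}

# Print the interfaces= line that binds ipsec0 to the label carrying $1.
# Returns 1 if the address is not configured, 2 if the address sits on
# the base device without an alias label of its own (no ":" in the label).
klips_interfaces_line() {
    label=$(label_for_addr "$1") || { echo "address $1 not found" >&2; return 1; }
    case $label in
        *:*) printf 'interfaces="ipsec0=%s"\n' "$label" ;;
        *)   echo "$1 is on $label without an alias label" >&2; return 2 ;;
    esac
}

# Constructed sample with the same shape as the output quoted above,
# except that the second address carries the label eth0:1.
sample_labelled() {
    cat <<'EOF'
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1450 qdisc tbf qlen 1000
    link/ether 00:00:5e:00:53:01 brd ff:ff:ff:ff:ff:ff
    inet 192.0.2.139/25 brd 192.0.2.255 scope global eth0
    inet 198.51.100.117/24 brd 198.51.100.255 scope global eth0:1
EOF
}

# On a live gateway: ip addr show eth0 | klips_interfaces_line <address>
sample_labelled | klips_interfaces_line 198.51.100.117
```
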


