[Openswan Users] xl2tpd source address problem
Mariusz Droździel
Mariusz.Drozdziel at teleaudio.pl
Tue Nov 25 04:23:26 EST 2008
Hi,

>> address, xl2tpd won't work properly. The issue is that even though
>> the IPSEC connection is established fine, xl2tpd replies to the client
>> with the first address on the interface as the source address:

> This is with listen-addr set to 0.0.0.0?
> We have never tested this scenario. It might require some
> patching to xl2tp to keep track of the incoming IP address.

Yes, listen-addr is set to 0.0.0.0. The only solution I can imagine at this
point is to start two different xl2tpd instances, each bound to its own
address.

If I start OpenSWAN/xl2tpd instances with both IPs up on a host, then
everything works fine. I can move IPs between nodes just fine. However, if
Pluto crashes, or anything gets restarted, then the setup won't work anymore
at all. Even though the host will bring up the new IP, applications won't be
bound to it. Restarting OpenSWAN/xl2tpd when there's a change on the VRRP level
will work, but existing connections will get cut off, which is a kinda crappy
solution anyway.

Do you maybe have any other suggestions about building an IPSEC-HA solution
on Linux? There aren't many resources about that kind of setup on the web
at all.
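
An added example, not part of the original post and not xl2tpd or Openswan code: one way a UDP daemon bound to 0.0.0.0 on Linux can keep track of the incoming IP address is the `IP_PKTINFO` socket option, reading the arrival address with `recvmsg()` and handing it back to `sendmsg()` as the reply's source. The function names are hypothetical, the code is IPv4 only, and 127.0.0.2 is a constructed loopback address used for the self-check.

```c
#define _GNU_SOURCE                      /* exposes struct in_pktinfo */
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Echo one datagram back from the local address it arrived on (fd has IP_PKTINFO set). */
static int echo_from_arrival_addr(int fd)
{
    char data[1500];
    union { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))]; struct cmsghdr align; } ctl;
    struct sockaddr_in peer;
    struct iovec iov = { data, sizeof data };
    struct msghdr msg = { .msg_name = &peer, .msg_namelen = sizeof peer, .msg_iov = &iov,
        .msg_iovlen = 1, .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    ssize_t n = recvmsg(fd, &msg, 0);
    struct cmsghdr *c = n < 0 ? NULL : CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != IPPROTO_IP || c->cmsg_type != IP_PKTINFO) return -1;
    struct in_pktinfo pi;
    memcpy(&pi, CMSG_DATA(c), sizeof pi);
    pi.ipi_ifindex = 0;                  /* let routing choose the outgoing device */
    pi.ipi_spec_dst = pi.ipi_addr;       /* request's destination becomes reply's source */
    memcpy(CMSG_DATA(c), &pi, sizeof pi);
    iov.iov_len = (size_t)n;             /* reuse msg: same peer, same control block */
    return sendmsg(fd, &msg, 0) < 0 ? -1 : 0;
}

/* Loopback self-check: 1 if a request to 127.0.0.2 is answered from 127.0.0.2, 0 if not, -1 on error. */
int demo_reply_source_matches(void)
{
    int on = 1, srv = socket(AF_INET, SOCK_DGRAM, 0), cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in a = { .sin_family = AF_INET }, from;  /* 0.0.0.0, any port */
    struct timeval tv = { 2, 0 };                            /* never block forever */
    socklen_t len = sizeof a, flen = sizeof from;
    char buf[16];
    if (srv < 0 || cli < 0 || bind(srv, (struct sockaddr *)&a, sizeof a) < 0) return -1;
    setsockopt(srv, IPPROTO_IP, IP_PKTINFO, &on, sizeof on);
    setsockopt(srv, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    setsockopt(cli, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    getsockname(srv, (struct sockaddr *)&a, &len);           /* learn the chosen port */
    a.sin_addr.s_addr = htonl(0x7f000002);                   /* 127.0.0.2, constructed */
    if (sendto(cli, "ping", 4, 0, (struct sockaddr *)&a, sizeof a) < 0) return -1;
    if (echo_from_arrival_addr(srv) < 0) return -1;
    if (recvfrom(cli, buf, sizeof buf, 0, (struct sockaddr *)&from, &flen) < 0) return -1;
    close(srv); close(cli);
    return from.sin_addr.s_addr == a.sin_addr.s_addr;
}

int main(void) { return demo_reply_source_matches() == 1 ? 0 : 1; }
```

A plain `sendto()` on the same wildcard socket would let the kernel pick the route's preferred source (127.0.0.1 in this self-check), which is the behaviour described in the thread.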