[Openswan Users] Encapsulate IP packets using source address different from local host's IP address

Paul Wouters paul at xelerance.com
Tue Feb 17 17:56:03 EST 2009


On Tue, 17 Feb 2009, Jianqing Zhang wrote:

> I configure SPs and SAs using "ip xfrm policy" and "ip xfrm state" for
> outgoing IP packets on 192.168.1.20. My purpose is to use SA whose
> source IP is different from the local host.
>
> SP:
> src 192.168.1.20/32 dst 224.0.0.4/32 proto udp dport 5002
> dir out priority 2080 ptype main
> tmpl src 192.168.1.254 dst 224.0.0.4
> proto esp reqid 10199 mode tunnel
>
> SA:
> src 192.168.1.254 dst 224.0.0.4
> proto esp spi 0x43001999 reqid 10199 mode tunnel
> replay-window 32
> auth hmac(sha1) 0x470b8df161ce85b0ecf870540a78929a8cd9b953
> enc cbc(aes) 0xfbd25327d46ca4714bda3dedc80e8b86
> sel src 0.0.0.0/0 dst 0.0.0.0/0 proto udp dport 5002
>
> However, when I try to send a UDP packet, I get the following error message:

Use IKE and automatic keying, instead of manual keying. You
can use leftsubnet=someip/32 if it differs from your real ip.

Paul

