[Openswan Users] Encapsulate IP packets using source address different from local host's IP address

Paul Wouters paul at xelerance.com
Tue Feb 17 17:56:03 EST 2009

On Tue, 17 Feb 2009, Jianqing Zhang wrote:

> I configure SPs ans SAs using "ip xfrm policy" and "ip xfrm state" for
> outgoing IP packets on My purpose is to use SA whose
> source IP is different from the local host.
> SP:
> src dst proto udp dport 5002
> dir out priority 2080 ptype main
> tmpl src dst
> proto esp reqid 10199 mode tunnel
> SA:
> src dst
> proto esp spi 0x43001999 reqid 10199 mode tunnel
> replay-window 32
> auth hmac(sha1) 0x470b8df161ce85b0ecf870540a78929a8cd9b953
> enc cbc(aes) 0xfbd25327d46ca4714bda3dedc80e8b86
> sel src dst proto udp dport 5002
> However, when I try to send a UDP packet, I get the following error message:

Use IKE and autmatic keying, instead of manual keying. You
can use leftsubnet=someip/32 if it differs from your real ip.


More information about the Users mailing list