[Openswan Users] Asynchronous ipsec traffic
Paul Wouters
paul at xelerance.com
Wed Oct 14 10:07:41 EDT 2009
On Wed, 14 Oct 2009, Sven Schiwek wrote:
>
> My VPN server (Openswan 2.4.15) has one public interface and multiple
> virtual interfaces (eth0, eth0:1, eth0:2,...) with public IP addresses.
> I have configured one connection on "eth0 (111.111.111.111) ->
> ipsec0" (it's working fine) and one on eth0:3 (222.222.222.222) ->
> ipsec1.
>
> It's interesting that the second connection uses both ipsec
> interfaces. Outgoing traffic goes through ipsec1 and incoming traffic
> over ipsec0.
This is an artifact of the IP aliasing, where the interfaces are both
"different" but the "same". Also, when NAT-T is involved, all traffic
might seem to be coming from ipsec0.
Apart from needing to change your firewall rules, it should have no other side
effects.
Paul