[Openswan Users] Asynchronous ipsec traffic
Sven Schiwek
ml-openswan at svenux.de
Wed Oct 14 15:02:04 EDT 2009
Ah, good to hear that this is a normal situation.
Thanks
Sven
On Oct 14, 2009, at 4:07 PM, Paul Wouters wrote:
> On Wed, 14 Oct 2009, Sven Schiwek wrote:
>
>>
>> My VPN server (Openswan 2.4.15) has one public interface and multiple
>> virtual interfaces (eth0, eth0:1, eth0:2,...) with public IP
>> addresses.
>> I have configured one connection on "eth0 (111.111.111.111) ->
>> ipsec0" (it's working fine) and one on eth0:3 (222.222.222.222) ->
>> ipsec1.
>>
>> It's interesting that the second connection uses both ipsec
>> interfaces. Outgoing traffic goes through ipsec1 and incoming traffic
>> over ipsec0.
>
> This is an artifact of the IP aliasing, where the interfaces are both
> "different" but the "same". Also, when NAT-T is involved, all traffic
> might seem to be coming from ipsec0.
>
> Apart from needing to change your firewall rules, it should have no
> other side effects.
>
> Paul
>