[Openswan Users] setting leftsourceip: no route to host?

Luca Arzeni l.arzeni at iname.com
Thu Jul 25 12:31:34 UTC 2013


Hi,
I need an explanation about leftsourceip.

I'm trying to connect my linux box to a customer subnet. The vpn needs to be set between my box and a checkpoint firewall at a customer site.

*** Local Environment: 
- Linux kernel 2.6.32-5-amd64 SMP Fri May 10 08:43:19 UTC 2013 x86_64 GNU/Linux (debian squeeze)
- openswan 2.6.28+dfsg-5+squeeze1
- my ip address: 192.168.1.162

*** Remote environment:
- checkpoint FW1 

*** my ipsec.conf:

version 2.0

config setup
        plutodebug="control parsing"
        nat_traversal=yes
        protostack=netkey

conn checkpoint
        left=%defaultroute
        leftsubnet=192.168.1.162/32
        leftcert=my_cert.pem
        leftrsasigkey=%cert
        leftid=%fromcert
        # leftsourceip=192.168.201.49
        right=1.2.3.4 # obfuscated
        rightsubnets={ 192.168.3.0/24 192.168.4.0/24 192.168.5.0/24 }
        rightcert=their_cert.pem
        rightrsasigkey=%cert
        rightid=1.2.3.4 # obfuscated
        auto=start

The checkpoint admin has registered my ip (192.168.1.162) in its checkpoint fw routing tables and the configuration works fine, so I can connect to the right subnets without problems.

But, alas, I need to use this vpn also from a laptop, which sometimes is assigned a dhcp address different from 192.168.1.162 (let's say 192.168.100.10).

If I use the checkpoint client under windows, it creates a virtual interface, dynamically giving to it the address 192.168.201.49, and this way I can connect to the right subnets.

I would like to have a similar behaviour using my linux laptop, but, as far as I know, I could not create a virtual interface using netkey. I could create an ipsec0 interface using klips, but, even this way, I cannot assign an ip to it. Is there any way to solve this issue?

I tried to solve the issue using the leftsourceip=192.168.201.49 (uncomment it from the configuration) and the vpn seems to be established (I can see this using ipsec barf), but I receive this warning:

ipsec_setup: multiple ip addresses, using  192.168.1.162 on eth0 

and, if I try to connect I receive

$ ssh 192.168.3.1
ssh: connect to host 192.168.3.1 port 22: No route to host

Is there anyone that can help me?

Thanks, Luca
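As an added example (not part of Luca's post, not Openswan's own code), here is a small lint for the conn block above. It assumes what ipsec.conf(5) documents for leftsourceip: the address is expected to be part of leftsubnet, so a sourceip outside that subnet is not covered by the IPsec policy and packets it originates are not protected. The script parses a conn section and reports that mismatch.

```python
# Added example, not from the original post: lint an ipsec.conf "conn"
# section and flag a leftsourceip that lies outside leftsubnet.
# Assumption (per ipsec.conf(5)): leftsourceip must be part of leftsubnet.
import ipaddress

# Constructed sample: the poster's conn with leftsourceip uncommented
# and the certificate lines omitted for brevity.
SAMPLE_CONF = """\
conn checkpoint
        left=%defaultroute
        leftsubnet=192.168.1.162/32
        leftsourceip=192.168.201.49
        right=1.2.3.4 # obfuscated
        rightsubnets={ 192.168.3.0/24 192.168.4.0/24 192.168.5.0/24 }
        auto=start
"""

def parse_conn(text, name):
    """Return the key=value pairs of the named conn section as a dict."""
    params, in_conn = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented: new section
            in_conn = line.split() == ["conn", name]
            continue
        if in_conn and "=" in line:
            key, value = line.strip().split("=", 1)
            params[key.strip()] = value.strip()
    return params

def check_sourceip(params, side="left"):
    """Return a list of problems with <side>sourceip for this conn."""
    sourceip = params.get(side + "sourceip")
    subnet = params.get(side + "subnet")
    if sourceip is None:
        return []                              # nothing to check
    if subnet is None:
        return [f"{side}sourceip set but {side}subnet is missing"]
    addr = ipaddress.ip_address(sourceip)
    net = ipaddress.ip_network(subnet, strict=False)
    if addr not in net:
        return [f"{side}sourceip {addr} is outside {side}subnet {net}"]
    return []

if __name__ == "__main__":
    for problem in check_sourceip(parse_conn(SAMPLE_CONF, "checkpoint")):
        print(problem)
```

Run against the posted values it reports the 192.168.201.49 vs 192.168.1.162/32 mismatch; widening leftsubnet to a range containing the source address makes the report empty.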

