[Openswan Users] setting leftsourceip: no route to host?

Luca Arzeni l.arzeni at iname.com
Thu Jul 25 12:31:34 UTC 2013

I need an explanation about leftsourceip.

I'm trying to connect my linux box to a customer subnet. The vpn needs to be set between my box and a checkpoint firewall at a customer site.

*** Local Environment: 
- Linux kernel 2.6.32-5-amd64 SMP Fri May 10 08:43:19 UTC 2013 x86_64 GNU/Linux (debian squeeze)
- openswan 2.6.28+dfsg-5+squeeze1
- my ip address:

*** Remote environment:
- checkpoint FW1 

*** my ipsec.conf:

version 2.0

config setup
        plutodebug="control parsing"

conn checkpoint
        # leftsourceip=
        right= # obfuscated
        rightsubnets={ }
        rightid= # obfuscated

The checkpoint admin has registered my ip ( in its checkpoint fw routing tables and the configuration works fine, so I can connect to the right subnets without problems.

But, alas, I need to use this vpn also from a laptop, which sometimes is assigned a dhcp address different from (let's say

If I use the checkpoint client under windows, it creates a virtual interface, dynamically giving to it the address and this way I can connect to the right subnets.

I would like to have a similar behaviour using my linux laptop, but, as far as I know, I could not create a virtual interface using netkey. I could create an ipsec0 interface using klips, but, even this way, I cannot assign an ip to it. Is there any way to solve this issue?

I tried to solve the issue using the leftsourceip= (uncomment it from the configuration) and the vpn seems to be established (I can see this using ipsec barf), but I receive this warning:

ipsec_setup: multiple ip addresses, using on eth0 

and, if I try to connect I receive

$ ssh
ssh: connect to host port 22: No route to host

Is there anyone that can help me?

Thanks, Luca
