Public bug reported:

Ubuntu release: 12.04.1
Openswan version: 2.6.37-1

It appears that the openswan version in ubuntu 12.04 does not honor the 'left=' parameter when used on a host with multiple external IP addresses on one 'public' interface.

For example: I have a host with 2 IPs bound to eth0:

    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
        link/ether 2c:76:8a:53:63:d0 brd ff:ff:ff:ff:ff:ff
        inet 11.22.33.44/24 brd 82.94.228.231 scope global eth0
        inet 11.22.33.46/24 scope global secondary eth0

I want to use the 11.22.33.46 address as the sending IP for this connection. However, openswan always picks 11.22.33.44 as the sending address, which fails to connect because that address isn't known by the peer. (IPs are 'fake', obviously)

Installing an older version of the package (the one from 10.04 LTS) fixes the problem. So version 2.6.23+dfsg-1ubuntu1 works correctly. That's the workaround I'm currently using.

Example config:

    conn testme
        auth=esp
        authby=secret
        auto=start
        disablearrivalcheck=no
        esp=aes128-sha1
        ike=aes128-sha1-modp1024
        ikelifetime=24h
        keyexchange=ike
        keylife=8h
        left=11.22.33.46
        leftsourceip=10.16.1.1
        leftsubnet=10.17.15.1/32
        pfs=no
        rekey=yes
        right=99.88.77.66
        rightsubnets={10.16.0.0/13,10.2.0.0/16,10.6.28.0/24}
        type=tunnel

** Affects: openswan (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1092816

Title:
  Openswan doesn't honor 'left=' parameter on host with multipe ip's
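
A diagnostic for the situation in this report, added here as an example and not part of the original report or of Openswan: it classifies each conn's left= value against `ip addr` output and flags the case described above, where left= is a secondary address on the interface. The function names and the embedded sample input are constructed for illustration, using the report's placeholder addresses.

```python
import re

# Constructed sample input, trimmed from the output and config quoted in the report.
SAMPLE_IP_ADDR = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    inet 11.22.33.44/24 brd 82.94.228.231 scope global eth0
    inet 11.22.33.46/24 scope global secondary eth0
"""
SAMPLE_CONF = """\
conn testme
    left=11.22.33.46
    leftsourceip=10.16.1.1
    right=99.88.77.66
"""

def parse_addresses(ip_addr_output):
    """Map each IPv4 address to (interface label, is_secondary) from `ip addr` text."""
    addrs = {}
    for line in ip_addr_output.splitlines():
        m = re.match(r"\s*inet (\d+\.\d+\.\d+\.\d+)/\d+ (.*)$", line)
        if m:
            tokens = m.group(2).split()
            # The interface label is the last token; 'secondary' is a flag before it.
            addrs[m.group(1)] = (tokens[-1], "secondary" in tokens)
    return addrs

def parse_left(conf_text):
    """Return {conn name: left= value} from ipsec.conf-style text."""
    lefts, conn = {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and indentation
        if line.startswith("conn "):
            conn = line.split(None, 1)[1]
        elif conn and line.startswith("left="):  # does not match leftsourceip= etc.
            lefts[conn] = line.split("=", 1)[1].strip()
    return lefts

def check_left(conf_text, ip_addr_output):
    """Classify each conn's left= as primary, secondary, not-bound or symbolic."""
    addrs = parse_addresses(ip_addr_output)
    result = {}
    for conn, left in parse_left(conf_text).items():
        if not re.fullmatch(r"\d+\.\d+\.\d+\.\d+", left):
            result[conn] = "symbolic"            # e.g. %defaultroute or a hostname
        elif left not in addrs:
            result[conn] = "not-bound"           # address is not on any interface
        else:
            result[conn] = "secondary" if addrs[left][1] else "primary"
    return result
```

On a live host, pass the text of `ip addr show` and of /etc/ipsec.conf to check_left(); a conn reported as "secondary" matches the configuration in this report.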