Re: [Users] "Interfaces" - specifying specific source IP address

From: Jeffrey Chang (jeffrey.chang_at_cs.stanford.edu)
Date: Sat Nov 02 2002 - 06:35:53 CET

• Next message: John M Soto: "Re: [Users] Re: Testing FreeSwan Gateway..."
• Previous message: Bruno Saverio Delbono: "[Users] Freeswan on a Wireless Laptop with PGPNet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Simon:

Thanks for the hint. I've tested it on my system and it works as you
described, the first IP assigned is the one used for VPN IPSec interface
mapping.

The "ipsec1:0" stuff I mentioned from the mailing list turns out to be
just a routing trick for mapping locally generated packets on tunnel
gateway into the left/right-subnet source IP address range; in Linux
v2.4, a better way to do it is to use policy routing. And it doesn't
help in solving our problem of building tunnel with its endpoint on the
gateway being mapped into the "non-first" ip address of a physical
interface . Look like Freeswan hasn't yet adopted the concept of
completely separate IP address from physical interface, as it is in
Linux v2.4 today with iproute2.

Thanks,

--- Jeffrey

Simon Matthews wrote:

> Jeffrey,
>
> I think the answer lies in the order in which you define the IP
> addresses. I have not fully tried this, but some experimentation on
> another system made me think that what you need to do is:
>
> Make sure that the first IP address that you assign to "eth0" is the
> one that will be used for the VPN.
>
> Good luck and please let me know if this works.
>
> Simon
>
> At 07:19 PM 10/28/02 -0800, Jeffrey Chang wrote:
>
>> Hi, Simon:
>>
>> I'm encountering exactly the same problem as you had; how do I force
>> Freeswan to use a specific IP address bound to an interface "eth0"?
>> I don't want to use IP alias like "eth0:0", either.
>>
>> I searched through Freeswan's user mailing list and couldn't find a
>> solution. There's a suggestion saying IP alias of "ipsec1:0" should
>> work, but I've no luck trying it yet.
>>
>> Any hint is appreciated. Thanks,
>>
>> --- Jeffrey
>>
>> Simon Matthews wrote:
>>
>>> I have 2 IP addresses on interface "eth0". They are both on "eth0",
>>> I am *not* using an interface called "eth0:0" for one of the IP
>>> addresses.
>>>
>>> How can I force Freeswan to use the second IP address on this
>>> interface? It seems to always use the lowest-numbered IP address on
>>> that interface. I currently have "interfaces=eth0" in my config.
>>>
>>> Simon
>>>
>>
>
>

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: John M Soto: "Re: [Users] Re: Testing FreeSwan Gateway..."
• Previous message: Bruno Saverio Delbono: "[Users] Freeswan on a Wireless Laptop with PGPNet"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.5 : Sun Nov 03 2002 - 05:20:35 CET