Caught at one hundred and twenty metres per second

Entries from October 2006

Quicksearch

Thursday, October 12. 2006

Openswan configuration Posted by Filip Van Raemdonck in software at 18:42

Comments (0)
Trackbacks (0)

Today I discovered a very useful and nearly undocumented Openswan configuration parameter, which goes by the name of leftsourceip (and symmetrically rightsourceip). What it does is telling the Linux Openswan VPN gateway what address to send traffic from, which it generates itself, and is destined for the other side of the VPN connection. Apparently there are some caveats when using the KLIPS IPsec stack, but it works great when using NETKEY. Details available in the thread up to and following this message on the Openswan Users mailinglist.

The immediate advantage of using leftsourceip is that you can just reach machines on the far end of the connection, from either gateway where you've set it, without having to specify source interface or address on the internal network.

There's already a patch in the Openswan BTS; hopefully it will be integrated soon.

« previous page (Page 1 of 1, totaling 1 entries) next page »
Frontpage

about this blog

This weblog contains the ramblings of Filip Van Raemdonck. He is a male system administrator in his early thirties, happily married, and happens to be passionate about fast motorcycles and photography.

Syndicate This Blog

ATOM 1.0 feed

Comments

Filip about Back
Thu, 03.07.2008 19:36 CEST
Everything's going great with the pregnancy. Only six weeks left now :) It's a hard tim e when you lose a baby, [...]

lou about Back
Tue, 01.07.2008 22:18 CEST
Robertsonian translocation how's thing turn out since las t Sept? I read your story abo ut the baby thing. I am [...]

Adult Ühler about I'm junior now
Mon, 30.06.2008 14:36 CEST
I didn't know there were these kinds of exams. I am new to l inux and still don't know how to do barely anything in [...]

Thomas Koch about I'm junior now
Sun, 06.04.2008 16:59 CEST
You're right, that not only so me, but many questions in the LPI are not up to date and tha t you probably don't use [...]

Filip Van Raemdonck about Lilo LVM fixed root
Fri, 04.04.2008 13:14 CEST
Sure, it does it's job fine (m ost of the time :). And it's straightforward. Why not us e it?

Matthew W. S. Bell about Lilo LVM fixed root
Thu, 27.03.2008 19:53 CET
You still use LILO?!

Anonymous Coward about Lilo LVM fixed root
Thu, 27.03.2008 00:51 CET
Can't you use UUID-naming?

Filip about Clueless
Tue, 18.03.2008 21:45 CET
If it were the old blog, it /m ight/ have been from some comm ent spam. Then again, I cou ldn't find any reference [...]

Filip about Clueless
Tue, 18.03.2008 21:34 CET
That's highly dependent on you r age. I do know who Racquel Darrian is...

Paul Bonser about Clueless
Tue, 18.03.2008 18:16 CET
In my logs I was interested to find that searching for "ladi es pro wrestling" (6 hits from this one) and "jello wr [...]