[prev in list] [next in list] [prev in thread] [next in thread]
List: strongswan-users
Subject: Re: [strongSwan] Which source IP@ for egress IKEv2 packets
From: Martin Willi <martin () strongswan ! org>
Date: 2010-02-18 17:29:19
Message-ID: 1266514159.2467.63.camel () martin-desktop
[Download RAW message or body]
Hi,
> As we plan to implement source routing on our product, we would like to
> know if charon daemon is filling the source IP address of egress IKE
> packets with the local outer IP address ("left" parameter of the
> ipsec.conf file) and if the egress IKE IP packets go through linux
> routing stack.
If a left= address is explicitly specified, charon passes the source
address via sendmsg() to the kernel (at least on Linux, or any platform
that supports IP_PKTINFO or IP_SENDSRCADDR sendmsg() options).
Even if left= is unspecified, charon reuses the source address where it
received the IKE packet, or does a lookup in the routing tables.
So I'd yes, the source address is set when outgoing IKE packets are
routed in the kernel.
Regards
Martin
_______________________________________________
Users mailing list
Users@lists.strongswan.org
https://lists.strongswan.org/mailman/listinfo/users
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic