Date: Tue, 17 Apr 2001 22:20:14 +0900
From: Shoichi Sakane <sakane@ydc.co.jp>
To: lionnel.chaptal@IPricot.com
Cc: freebsd-security@freebsd.org
Subject: Re: IPSEC/Racoon/local adress when initiator
Message-ID: <20010417222014P.sakane@ydc.co.jp>
In-Reply-To: Your message of "Fri, 13 Apr 2001 12:09:11 +0200" <3AD6D047.91F3F843@IPricot.com>
References: <3AD6D047.91F3F843@IPricot.com>
> FBSD(eth)--|--(eth)GW(eth)--(eth)Cisco(eth)--|
>            |                                 |--(eth)host
> host(eth)---|
>
> On the FBSD side, there is only one NIC, so I have set up an alias
> address on the ethernet interface.

Why don't you buy another NIC for the FBSD box?

> So the FBSD eth iface has one address in the net-to-be-tunneled
> (192.168.0.1/24) and another for the tunnel-transported-lan (1.2.3.4 or
> whatever).
> The gateway for the FBSD (GW) has only one address in the same net as
> the net-to-be-tunneled (for instance 192.168.0.254). So racoon is
> binding on the eth iface with the address 192.168.0.1
> [sockmisc.c/getlocaladdr()]. The frames are being sent from 192.168.0.1
> whereas they should come from 1.2.3.4

When racoon is initiator, I think it is not racoon's problem. It depends
on the IPv4 source address selection of the FreeBSD box. Actually racoon
can recognize alias addresses, and I believe racoon can use this address
as source address when racoon is responder.

So I want you to show me the whole log of racoon during the negotiation
after racoon started. Please send me the log directly.

/Shoichi Sakane @ KAME project/
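The distinction Sakane draws, an unbound initiator socket that is subject to the kernel's IPv4 source address selection versus a socket explicitly bound to the alias address, as an added Python illustration that is not code from this thread or from racoon; the loopback peer, the port-0 bind and the function names are assumptions made so the demo runs without privileges or network access.

```python
import socket

ISAKMP_PORT = 500  # UDP port used by IKE phase 1


def kernel_source_address(peer_ip: str, peer_port: int = ISAKMP_PORT) -> str:
    """Source address the kernel picks for a UDP datagram to peer_ip when the
    socket is NOT bound to a specific local address.  connect() on a UDP
    socket transmits nothing; it only resolves the route and fixes the local
    address, which is the 'source address selection' an unbound initiator is
    subject to (on a box with a primary and an alias address on one NIC this
    is normally the primary address, e.g. 192.168.0.1 in the thread)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((peer_ip, peer_port))
        return s.getsockname()[0]


def bound_source_address(local_ip: str, peer_ip: str,
                         peer_port: int = ISAKMP_PORT) -> str:
    """Source address used when the daemon binds explicitly to local_ip
    (e.g. the alias 1.2.3.4) before talking to the peer.  An explicit bind
    overrides the kernel's default choice, so the ISAKMP packets leave with
    local_ip as their source regardless of which address is primary."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind((local_ip, 0))  # port 0 (assumption): any free port, no root
        s.connect((peer_ip, peer_port))
        return s.getsockname()[0]


def source_mismatch(peer_ip: str, wanted_local_ip: str) -> bool:
    """True when an unbound socket would NOT originate from wanted_local_ip,
    i.e. the symptom reported in the thread (frames sent from the primary
    address instead of the alias).  A daemon can run this check at startup
    and bind explicitly instead of trusting the kernel's selection."""
    return kernel_source_address(peer_ip) != wanted_local_ip


if __name__ == "__main__":
    # Constructed demo: loopback stands in for the IKE peer; nothing is sent.
    peer = "127.0.0.1"
    print("unbound, kernel picks:", kernel_source_address(peer))
    print("bound to alias       :", bound_source_address("127.0.0.1", peer))
    print("mismatch?            :", source_mismatch(peer, "127.0.0.1"))
```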