Firewall Wizards mailing list archives
Re: OpenBSD IPSEC VPN question
From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 30 Apr 2013 18:31:45 -0400
I'd expect a connect() to bind implicitly to IP_ADDR_ANY and have the system fill in the source address by default based on the destination route if the client doesn't specify an explicit bind address and for traffic destined to go through the VPN to do so - it sounds like it doesn't - but without more data, I'd be wary of troubleshooting it (NAT, filtering...).

However, I'd also advocate being able to explicitly set the bind() address to prevent data leakage to less-specific routes in the case of interface or route failure - especially for logs.

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar

On Apr 30, 2013, at 15:56, Bennett Todd <bet () rahul net> wrote:
> When you've got a VPN up, you're multi-homed. The Unix way for a client to choose a network to use, when there are multiple choices, is to specify the src ip to bind to. I think that's the behavior I'd expect anywhere.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
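The two behaviours discussed in this message, as an added example that is not part of the original thread: a connect() with no bind() lets the kernel choose the source address from the route, while an explicit bind() pins it and fails closed when that address is no longer configured. The function names are hypothetical; 127.0.0.1 stands in for the VPN-side address and 192.0.2.10 (a documentation address) for one that has gone away.

```python
import errno
import socket
import threading


def implicit_source(dest):
    """UDP connect() without bind(): the kernel fills in the source from the route to dest."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect(dest)  # sets the route/source only; no packet is sent
        return s.getsockname()[0]


def connect_pinned(dest, source_ip, timeout=3.0):
    """TCP connect from source_ip only; refuse rather than fall back to another address."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.bind((source_ip, 0))  # port 0: any ephemeral port, fixed address
        s.connect(dest)
    except OSError as exc:
        s.close()
        if exc.errno == errno.EADDRNOTAVAIL:
            raise RuntimeError(f"{source_ip} is not configured; not sending") from exc
        raise
    return s


def demo():
    """Constructed loopback test: returns (source addresses seen by listener, refused?)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    dest, seen = srv.getsockname(), []

    def accept_one():
        conn, peer = srv.accept()
        seen.append(peer[0])  # source address as the log receiver sees it
        conn.close()

    t = threading.Thread(target=accept_one)
    t.start()
    connect_pinned(dest, "127.0.0.1").close()
    t.join(3)
    srv.close()
    try:
        connect_pinned(dest, "192.0.2.10").close()  # address absent on this host
        refused = False
    except RuntimeError:
        refused = True
    return seen, refused


if __name__ == "__main__":
    print(implicit_source(("127.0.0.1", 9)), demo())
```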