Firewall Wizards mailing list archives

Re: OpenBSD IPSEC VPN question


From: "Paul D. Robertson" <paul () compuwar net>
Date: Tue, 30 Apr 2013 21:29:23 -0400

It's been a while since I've done it, but Linux used to make an ipsec0 interface that was handled with the standard 
routing table.  Possibly in *BSD you need to use a gre or gif tunnel to achieve the same thing?

Paul
--
President and Chairman, FluidIT Group
Moderator, Firewall-Wizards
http://pauldrobertson.net
http://pauldrobertson.com
@compuwar

On Apr 30, 2013, at 20:45, Chris Buechler <fw-wiz () chrisbuechler com> 
[snip]
This is true of all the BSDs with IPsec (and maybe Linux and other
*nix OSes but not sure of those). Traffic that doesn't have a specific
source IP set gets the source IP that's closest to the destination per
the routing table. IPsec doesn't have a routing table entry, traffic
follows the SPD. So it ends up getting the IP that's nearest the
default gateway, which is most always a public IP, which is most
always not going to match the IPsec SPD. Traffic only goes across the
VPN if the source IP is set to a private local IP matching the SPD.
There's an ugly workaround to add a static route pointing the remote
IPsec network to the LAN IP of the box, which will make the OS source
its traffic to that remote network appropriately and not require
specifying the source IP.

Regardless, having an option of what source IP to use for rsyslog
would come in handy in cases other than this and is probably a good
idea.

Chris
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
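The source-selection behaviour Chris describes, and the static-route workaround, modelled as an added example (not code from the thread). The routing table, SPD selectors and addresses are constructed; the model simplifies BSD's behaviour to "each route carries the interface address that becomes the packet's source", which is the property the discussion relies on.

```python
import ipaddress

# Constructed sample host (not from the thread): public WAN address,
# private LAN address, and one IPsec SPD entry for LAN <-> remote network.
ROUTES = [  # (prefix, interface address that becomes the source for that route)
    ("0.0.0.0/0", "203.0.113.10"),      # default route out the WAN (public IP)
    ("192.168.1.0/24", "192.168.1.1"),  # directly connected LAN
]
SPD = [("192.168.1.0/24", "10.20.0.0/24")]  # (local selector, remote selector)
REMOTE_HOST = "10.20.0.5"                   # a host on the far side of the VPN


def pick_source(routes, dst):
    """Longest-prefix match; return the source address of the winning route.
    This is the 'closest to the destination per the routing table' rule."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, src in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, src)
    return best[1] if best else None


def matches_spd(spd, src, dst):
    """True if the (src, dst) pair falls inside some SPD selector pair."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
               for local, remote in spd)


def goes_over_vpn(routes, spd, dst):
    """Return (chosen source IP, whether the packet matches the SPD)."""
    src = pick_source(routes, dst)
    return src, matches_spd(spd, src, dst)


# Without the workaround the default route wins: public source, no SPD match,
# so the traffic leaves in the clear instead of entering the tunnel.
BROKEN = ROUTES
# Workaround from the thread: a static route for the remote IPsec network
# pointing at the box's own LAN IP, so the LAN address becomes the source.
WORKAROUND = ROUTES + [("10.20.0.0/24", "192.168.1.1")]

if __name__ == "__main__":
    for name, table in (("no static route", BROKEN), ("with static route", WORKAROUND)):
        src, ok = goes_over_vpn(table, SPD, REMOTE_HOST)
        print(f"{name}: source {src}, matches SPD: {ok}")
```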