James Carlson wrote:
Darren Reed writes:
James Carlson wrote:
Darren Reed writes:
James Carlson wrote:
It's the usual UDP application problem: if you're a UDP-based server,
then you're supposed to use the same IP address and port as the source
values in your reply as the client originally used in his destination.
The question in my mind was: why can't the IKE daemon use a single IP
address - why does it need to use "every" address?
Because clients can send packets to "any" address.
But how do they choose which one to send to?
Do they just pick the other end of the tunnel?
I'm confused. Why does it matter?
This is the IKE daemon we're talking about, not the Sun-specific
punchin code. The IKE daemon is general-purpose. It has to work on
any Solaris system using IPsec, whether or not it has tunnels, and
regardless of the number of configured IP interfaces.
...
This is a very, very common issue for UDP daemons. For example, it's
an issue that affects DNS servers and RIP.
Because with DNS we can tell clients to use address X, even if
the server can also receive packets on Y and Z. DNS clients
typically learn which address to use via one of two methods:
static configuration or DHCP. Neither of which typically leads
to an unbounded number of addresses for it to receive packets
from clients on.
So I suppose what I'm wondering is why does IKE need to use
any (or every!) address available and not one of a few that
are preconfigured on the server?
Are the IKE clients learning the server address via DHCP or
some other mechanism? Is there scope to restrict that learnt
address to be a single address or will things stop working?
Darren
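
Added example, not part of the thread: the reply-from-the-address-the-client-used rule discussed above, done with a single wildcard socket rather than one socket per address. It assumes Linux's IP_PKTINFO ancillary data (other systems expose the destination address differently); the function names and the 127.0.0.2 loopback exchange are constructed for illustration.

```python
import socket
import struct

# Linux value of IP_PKTINFO (the socket module only names it from Python 3.12).
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
# struct in_pktinfo: int ipi_ifindex; in_addr ipi_spec_dst; in_addr ipi_addr
PKTINFO = struct.Struct("@i4s4s")


def open_wildcard_server(port=0):
    """One UDP socket on 0.0.0.0 that reports each datagram's destination."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    s.bind(("0.0.0.0", port))
    return s


def recv_with_dst(s):
    """Return (payload, client address, local address the client sent to)."""
    data, ancdata, _flags, peer = s.recvmsg(2048, socket.CMSG_SPACE(PKTINFO.size))
    for level, ctype, cdata in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO:
            _ifindex, _spec_dst, addr = PKTINFO.unpack(cdata[:PKTINFO.size])
            return data, peer, socket.inet_ntoa(addr)
    raise OSError("kernel did not supply IP_PKTINFO")


def reply_from(s, payload, peer, local_addr):
    """Send a reply sourced from local_addr, not the routing default."""
    pktinfo = PKTINFO.pack(0, socket.inet_aton(local_addr), b"\0" * 4)
    s.sendmsg([payload], [(socket.IPPROTO_IP, IP_PKTINFO, pktinfo)], 0, peer)


def demo(target="127.0.0.2"):
    """Constructed loopback exchange; returns (seen dst, reply source, reply)."""
    server = open_wildcard_server()
    server.settimeout(2)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2)
    client.sendto(b"ping", (target, server.getsockname()[1]))
    data, peer, dst = recv_with_dst(server)
    reply_from(server, b"pong:" + data, peer, dst)
    reply, source = client.recvfrom(2048)
    server.close()
    client.close()
    return dst, source[0], reply


if __name__ == "__main__":
    print(demo())
```

Without the ancillary data on the reply, the kernel picks the source address from the route back to the client (127.0.0.1 in this loopback case), which is the mismatch a client that checks the reply's source would reject.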