On Tue, 23 Apr 2013, Axel Rau wrote:
Why do you say this? I've managed hundreds of multi-homed firewalls (some with
as many as 20 physical interfaces) and have never found that I needed to set
the source IP.
Unless you have multiple interfaces to the same network, there is no ambiguity;
the system will always use the same interface (and will use the main IP on that
interface for outbound messages when you have multiple IPs on one interface).
If you have an IPsec VPN, terminated on an OpenBSD firewall, and want to log
firewall activity to a log host, reached through the VPN, you will see the
sending socket of your syslogd binding to the interface, pointing at your
default route (which carries the encapsulated VPN traffic).
Actually, you should not need to do this.
It seems to be an OpenBSD quirk.
Just make sure you start rsyslog after the VPN is up and when it establishes
the connection, it will get routed over the VPN and will auto-select the
correct source IP.
Which one? enc0 has no IP, so it selects the parent interface.
I suspect that what's happening is that you are starting rsyslog before the
VPN, so it's getting the TCP connection established over the Internet before
your routing changes.
I would be happy to agree, but no, it binds to the external interface, even if
the IPsec tunnel is up.
What do your routes look like with the tunnel up?
If you really have to set the source IP manually for rsyslog, then you would
need to do the same thing for your browser, for ssh, and every other program
that you want to have go through the VPN. I just don't see that as a reasonable
requirement to make things work with the VPN.
David Lang