On Wed, 5 Nov 2014, Wolfgang Nothdurft wrote:

When using modecfg to assign a local IP address to an xauth client, you have the problem that you can't access local machines because of the missing ARP answer.

Maybe I missed something, but I didn't find any info on how to solve this scenario.

So I added a function to _updown.klips.

It checks if the IP address of the peer is locally routed and, if so, adds a proxy ARP entry. The check must be done before the eroute is set; otherwise you get the ipsec device.

I don't know if netkey has the same problem.

Thanks for the patch! We'll look at it and create test cases and pull it
in.

One thing to do is maybe to call this function only with xauth connections.

I wouldn't do that because for IKEv2 with addresspool, we would also
want this.

Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
