On Wed, 16 Jul 2014, csszep wrote:

I'm migrating from openswan to libreswan and I have a host with
multiple interfaces and secondary addresses.

With openswan (2.6.28) the following line works:

interfaces="ipsec0=eth5:0 ipsec1=eth4:0 ipsec2=eth3:0

Are you missing a closing quote (") there ?

Pluto listens on secondary address on these interfaces

It works for me?

[root@road ~]# ifconfig eth0:1 11.1.2.3/24
[root@road ~]# ipsec version
Linux Libreswan Uv3.9-86-gc7e82bb-master/K(no kernel code presently
loaded) on 3.13.6-200.fc20.x86_64
[root@road ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.1.3.209  netmask 255.255.255.0  broadcast 192.1.3.255
        ether 12:00:00:ab:cd:02  txqueuelen 1000  (Ethernet)
        RX packets 10342  bytes 2533695 (2.4 MiB)
        RX errors 0  dropped 5  overruns 0  frame 0
        TX packets 11878  bytes 9857645 (9.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 11.1.2.3  netmask 255.255.255.0  broadcast 11.1.2.255
        ether 12:00:00:ab:cd:02  txqueuelen 1000  (Ethernet)

[root@road ~]# grep interfaces /etc/ipsec.conf
        interfaces="ipsec0=eth0:1"
[root@road ~]# ipsec start
Redirecting to: systemctl start ipsec.service

[root@road ~]# grep interface /tmp/pluto.log
Using KLIPS IPsec interface code on 3.13.6-200.fc20.x86_64
| Inspecting interface lo
| Inspecting interface eth0
| Inspecting interface eth0:1
| Inspecting interface ipsec0
adding interface ipsec0/eth0:1 11.1.2.3:500
adding interface ipsec0/eth0:1 11.1.2.3:4500
| IP interface eth0 192.1.3.209 has no matching ipsec* interface -- ignored
| IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored

[root@road ~]# ipsec tncfg
ipsec0 -> eth0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0

Test on a machine with multiple interfaces:

[root@east ~]# ifconfig eth0:0 10.0.0.0/24
[root@east ~]# ifconfig eth1:0 10.0.1.0/24
[root@east ~]# ifconfig eth2:0 10.0.2.0/24
[root@east ~]# grep interfaces /etc/ipsec.conf
        interfaces="ipsec0=eth0:0 ipsec1=eth1:0 ipsec2=eth2:0"

[root@east ~]# ipsec version
Linux Libreswan Uv3.9-86-gc7e82bb-master/K(no kernel code presently
loaded) on 3.13.6-200.fc20.x86_64
[root@east ~]# ipsec start
Redirecting to: systemctl start ipsec.service
[root@east ~]# grep interface /tmp/pluto.log
Using KLIPS IPsec interface code on 3.13.6-200.fc20.x86_64
| Inspecting interface lo
| Inspecting interface eth0
| Inspecting interface eth0:0
| Inspecting interface eth1
| Inspecting interface eth1:0
| Inspecting interface eth2
| Inspecting interface eth2:0
| Inspecting interface ipsec0
| Inspecting interface ipsec1
| Inspecting interface ipsec2
adding interface ipsec2/eth2:0 10.0.2.0:500
adding interface ipsec2/eth2:0 10.0.2.0:4500
| IP interface eth2 192.9.2.23 has no matching ipsec* interface -- ignored
adding interface ipsec1/eth1:0 10.0.1.0:500
adding interface ipsec1/eth1:0 10.0.1.0:4500
| IP interface eth1 192.1.2.23 has no matching ipsec* interface -- ignored
adding interface ipsec0/eth0:0 10.0.0.0:500
adding interface ipsec0/eth0:0 10.0.0.0:4500
| IP interface eth0 192.0.2.254 has no matching ipsec* interface -- ignored
| IP interface lo 127.0.0.1 has no matching ipsec* interface -- ignored
[root@east ~]#

Paul