On Sat, 26 Jan 2019, Nick Howitt wrote:
It would be nice if we could extend that functionality to cover all
combinatory cases with a multiple leftsourceip=1.2.3.4,5.6.7.8 but we
don’t currently.
Ugh. That points to multiple conns then, doesn't it? I wouldn't have thought
the logic wouldn't be too difficult to implement (pick the source IP from the
subnet you are instantiating ...) but it is more time and effort.
It's tricky. You have to do this in _updown.netkey. You have to first
figure out if the gateway has an IP in the local subnet or whether it is
just routing the subnet. then if you find that IP, you need to add a
source route to the destination IP. And exlude things like the remote is
a /32 to which you also have to talk IKE/IPsec (prevent imploding)
At least the connections instantiate, so there is only one left and
right subnet for the instance of te _updown.netkey running. So it is
possible to do.
I'm not sure if there are valid reasons for an admin to NOT want to
add this source route.
Anyway, I'd say patches are welcome from people with shell fu :)
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
