Hi Paul,
I was following your logic. If you have:
leftsubnets=1.2.3.0/24,5.6.7.0/24,6.7.8.0/24
leftsourceips=1.2.3.4,5.6.7.8
Then for each leftsourceip, loop through leftsubnets. Then if the
leftsourceip exists in one of the subnets then add a route. In this
case, there is no leftsourceip for the 6.7.8.0/24 subnet so no route
is added, but routes are added for the other two subnets.
My scripting skills may not be good enough for this. Also my
knowledge would not have picked up your /32 case.
Nick
On 27/01/2019 19:10, Paul Wouters wrote:
On Sat, 26 Jan 2019, Nick Howitt wrote:
It would be nice if we could extend that functionality to cover all
combinatory cases with a multiple leftsourceip=1.2.3.4,5.6.7.8 but we
don't currently.
Ugh. That points to multiple conns then, doesn't it? I wouldn't
have thought the logic would be too difficult to implement
(pick the source IP from the subnet you are instantiating ...)
but it is more time and effort.
It's tricky. You have to do this in _updown.netkey. You have to first
figure out if the gateway has an IP in the local subnet or whether it is
just routing the subnet. Then if you find that IP, you need to add
a source route to the destination IP. And exclude things like the remote is
a /32 to which you also have to talk IKE/IPsec (prevent imploding).
At least the connections instantiate, so there is only one left and
right subnet for the instance of the _updown.netkey running. So it is
possible to do.
I'm not sure if there are valid reasons for an admin to NOT want to
add this source route.
Anyway, I'd say patches are welcome from people with shell fu :)
Paul
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
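As an added example (not code from the thread and not Libreswan's own _updown.netkey), the matching logic Nick describes, written in POSIX shell: loop over the leftsourceips, find the leftsubnet that contains each one, and print the source route, skipping Paul's /32-to-the-peer case. The PEER_IP argument and the simplified "ip route replace ... src ..." command are assumptions made here.

```shell
#!/bin/sh
# Added example, not Libreswan's _updown.netkey: given the comma-separated
# leftsubnets= and leftsourceips= values from the thread, pair every source IP
# with the left subnet that contains it and print the source route that would
# be added towards the remote subnet.  A left subnet with no matching source
# IP gets no route.  IPv4 only.  PEER_IP (assumed name) is the remote
# gateway's IKE address, so the "remote is a /32 to the peer" case can be
# skipped.

ip2int() {                       # 1.2.3.4 -> 32-bit integer
    save_ifs=$IFS; IFS=.; set -- $1; IFS=$save_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_subnet() {                    # in_subnet IP CIDR -> true when IP is inside CIDR
    case $2 in */*) ;; *) set -- "$1" "$2/32" ;; esac   # bare host means /32
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# source_routes LEFTSUBNETS LEFTSOURCEIPS RIGHTSUBNET PEER_IP
# Prints one "ip route replace" line per left subnet that holds a source IP.
source_routes() {
    subnets=$1; srcips=$2; remote=$3; peer_ip=$4
    # Paul's caveat: when the remote subnet is just the IKE peer as a /32,
    # a source route would drag the IKE/IPsec traffic itself into the tunnel.
    [ "$remote" = "$peer_ip/32" ] && return 0
    save_ifs=$IFS; IFS=,
    for subnet in $subnets; do
        for src in $srcips; do
            if in_subnet "$src" "$subnet"; then
                printf 'ip route replace %s src %s\n' "$remote" "$src"
                break                # one source IP per subnet is enough
            fi
        done
    done
    IFS=$save_ifs
}

# Constructed sample values taken from the thread: 6.7.8.0/24 has no
# source IP, so only two routes are printed.
source_routes "1.2.3.0/24,5.6.7.0/24,6.7.8.0/24" "1.2.3.4,5.6.7.8" \
              "10.0.0.0/24" "192.0.2.1"
```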