[Swan] libreswan 3.9+klips not listen on multiple secondary address
Marc-Christian Petersen
m.c.p at gmx.de
Wed Jul 16 21:36:34 EEST 2014
Hi csszep,
maybe something like this will help you?
it's for /usr/lib/ipsec/_stackmanager
--- old/_stackmanager 2014-07-09 20:55:10.000000000 +0200
+++ new/_stackmanager 2014-07-09 21:03:19.509976750 +0200
@@ -361,11 +361,12 @@ startklips() {
ipsec tncfg --attach --virtual ${virt} --physical ${phys}
# configure all the IPv4/IPv6 addresses (including point-to-point)
- ip addr show dev ${phys} | \
+ ip addr show dev ${phys} label ${phys} | \
awk '$1 == "inet" || ($1 == "inet6" && !/ dynamic/) {
cmd = "ip addr add"
if ($1 == "inet")
sub(" [^ ]+:[^ ]+"," ",$0)
+ sub("secondary","",$0)
sub("/.*","",$2)
sub("dynamic","",$0)
for (i = 2; i < NF; i++) {
Am 16.07.2014 um 14:47:37 Uhr schrieb csszep <csszep at gmail.com>:
> Hello!
>
> I'm migrating from openswan to libreswan and i have a host with
> multiple interfaces and secondary address.
>
> With openswan (2.6.28) the following line works:
>
> interfaces="ipsec0=eth5:0 ipsec1=eth4:0 ipsec2=eth3:0
>
> Pluto listens on secondary address on these interfaces
>
> Libreswan do nothing:
>
> 2014-07-16T14:42:18+02:00 ngm-fw1 pluto[21053]: Using KLIPS IPsec
> interface code on 2.6.32-2-generic-zorp34
> 2014-07-16T14:42:18+02:00 ngm-fw1 pluto[21053]: listening for IKE messages
> 2014-07-16T14:42:18+02:00 ngm-fw1 pluto[21053]: no public interfaces found
>
> Any hint how to listen a multiple specific alias interface or
> secondary address with klips+libreswan?
More information about the Swan
mailing list