[Swan] no work - Subnet extrusion - in CentOS 6.8

Paul Wouters paul at nohats.ca
Fri Jul 29 09:12:07 UTC 2016


> Date: Fri, 29 Jul 2016 03:53:44
> From: Sergey Mihailov <sergey.mihailov at gmail.com>
> To: swan at lists.libreswan.org
> Subject: Re: [Swan] no work - Subnet extrusion - in CentOS 6.8
> 
> 2016-07-26 11:44 GMT+03:00 Paul Wouters <paul at nohats.ca>:
> ...
> It can affect the operation of iptables rules ?

I see a lot of email related to libreswan. Please leave in more
information in emails for me to remeber what we were talking about :)

the leftsourceip= option adds an iptables rules to prefer the sourceip
over the default "nearest ip" of the gateway to use for talking to the
remote subnet. usually, the real public ip is "nearer" to the outside,
so the gateway itself needs to be instructed to use its internal ip
so packets get properly encrypted.

Paul


More information about the Swan mailing list