Followup to: <E1BiRmc-0000Jv-00@gondolin.me.apana.org.au> By author: Herbert Xu <herbert@gondor.apana.org.au> In newsgroup: linux.dev.net > > This is an issue that the KM (e.g., openswan) should deal with > by adding a route with the appropriate source address. In fact, > openswan already deals with it. What you want to do is set > leftsourceip/rightsourceip. Unfortunately this isn't currently > documented in ipsec.conf.5. > Indeed it does... adding this and banging some more on my iptables made it work. I have to say OpenSWAN is a nice piece of work. I'll put making a doc patch on my short-term todo list. This seems like an important fix. -hpa - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
