On Mon, 2015-02-09 at 17:02 +0100, Nikos Mavrogiannopoulos wrote: > > To be honest I haven't tried it. I knew however, that openconnect does > use the same IP as well on the tun device for both the local and the > P-t-P one. I'll have to check it further, but that will not be very > soon. If there are any nice ideas to overcome that they are welcome. That's different. OpenConnect uses its *local* IP address also as the remote PtP address. The *local* address is the important one, and since we set up explicit routes or the default route over the tunnel the remote ptp address is actually fairly irrelevant?. But ocserv is using the *remote* IP also as the local IP. Which means the local host suddenly starts responding as if the remote IP is one of its own local addresses... which is an entirely different thing. -- dwmw2 ? Except on Solaris, where at least for IPv6 it's started refusing the configuration when local==remote, so we're probably just going to hard-code the remote IPv6 address to something 'unlikely' like 1::. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5745 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20150209/d228763f/attachment.bin>
