Subject: Re: Can racoon initiate IKE negotiation using "alias IP" as the source IP ?
To: Johnnie Chen <gis90590@cis.nctu.edu.tw>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-net
Date: 04/12/2004 09:28:24

racoon has no mechanism that I know of to force a "bind()" to a
particular IP. Ideally, it should use the IP address that you have
specified as the source IP for the tunnel in the SADB. (i.e. via
setkey).

A hack way around it would be to set a route using the "-ifa" option
to force the source IP for traffic to your destination.

- --
]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net architect[
] mcr@xelerance.com      http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
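
Added example, not part of the original message and not racoon source code: a small C program showing what a bind() before sending does to the source address of a UDP datagram, which is the behaviour the reply discusses. The helper name observed_source is hypothetical, 127.0.0.2 stands in for the alias IP (assumed to be a local address, as it is by default on Linux loopback), and an ephemeral port replaces IKE's port 500 so no root is needed.

```c
/* Added illustration, not racoon source: bind() pins a UDP socket's source IP. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* Hypothetical helper: send one datagram to a local receiver on 127.0.0.1 and
 * report the source address the receiver saw. alias_ip == NULL means "no
 * bind()", so the kernel picks the source from the route to the destination.
 * Returns 0 on success and writes the dotted-quad source into out. */
int observed_source(const char *alias_ip, char *out, socklen_t outlen)
{
    struct sockaddr_in rx, src, peer;
    socklen_t len = sizeof(rx), plen = sizeof(peer);
    struct timeval tv = { 2, 0 };             /* receive timeout: never hang */
    char buf[16];
    int rc = -1;
    int r = socket(AF_INET, SOCK_DGRAM, 0);
    int s = socket(AF_INET, SOCK_DGRAM, 0);
    if (r < 0 || s < 0) goto done;

    /* Receiver: stands in for the IKE peer (ephemeral port, constructed). */
    memset(&rx, 0, sizeof(rx));
    rx.sin_family = AF_INET;
    rx.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(r, (struct sockaddr *)&rx, sizeof(rx)) < 0) goto done;
    if (getsockname(r, (struct sockaddr *)&rx, &len) < 0) goto done;
    setsockopt(r, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv));

    /* Sender: the explicit bind() to one local address that the reply refers to. */
    if (alias_ip != NULL) {
        memset(&src, 0, sizeof(src));
        src.sin_family = AF_INET;             /* port 0: any local port */
        if (inet_pton(AF_INET, alias_ip, &src.sin_addr) != 1) goto done;
        if (bind(s, (struct sockaddr *)&src, sizeof(src)) < 0) goto done;
    }
    if (sendto(s, "ike", 3, 0, (struct sockaddr *)&rx, sizeof(rx)) != 3) goto done;
    if (recvfrom(r, buf, sizeof(buf), 0, (struct sockaddr *)&peer, &plen) < 0) goto done;
    if (inet_ntop(AF_INET, &peer.sin_addr, out, outlen) != NULL) rc = 0;
done:
    if (r >= 0) close(r);
    if (s >= 0) close(s);
    return rc;
}
```

Without the bind() the receiver sees whatever source the routing table selects, which is why the route-based workaround in the reply also changes the address the peer sees.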