[strongSwan] Which source IP@ for egress IKEv2 packets

Martin Willi martin at strongswan.org
Thu Feb 18 18:29:19 CET 2010


Hi,

> As we plan to implement source routing on our product, we would like to
> know if charon daemon is filling the source IP address of egress IKE
> packets with the local outer IP address ("left" parameter of the
> ipsec.conf file) and if the egress IKE IP packets go through linux
> routing stack.

If a left= address is explicitly specified, charon passes the source
address via sendmsg() to the kernel (at least on Linux, or any platform
that supports IP_PKTINFO or IP_SENDSRCADDR sendmsg() options).

Even if left= is unspecified, charon reuses the source address where it
received the IKE packet, or does a lookup in the routing tables.

So I'd say yes, the source address is set when outgoing IKE packets are
routed in the kernel.

Regards
Martin
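
The mechanism the reply describes, as an added example (not part of the original message and not strongSwan's code): on Linux, an IP_PKTINFO control message passed to sendmsg() sets the source address of a UDP datagram sent from a wildcard socket. The function names set_source_addr and send_from are hypothetical, and the address in the comment is a constructed documentation address.

```c
#define _GNU_SOURCE            /* exposes struct in_pktinfo on glibc */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>

/* Attach an IP_PKTINFO control message to msg so the kernel uses src_ip
 * (e.g. "192.0.2.10", constructed) as the datagram's source address.
 * cbuf must hold CMSG_SPACE(sizeof(struct in_pktinfo)) bytes.
 * Returns 0 on success, -1 on a bad address or short buffer. */
int set_source_addr(struct msghdr *msg, void *cbuf, size_t cbuflen,
                    const char *src_ip)
{
    struct in_pktinfo pi;
    struct cmsghdr *cmsg;

    if (cbuflen < CMSG_SPACE(sizeof(pi)))
        return -1;
    memset(&pi, 0, sizeof(pi));   /* ipi_ifindex 0: routing picks the interface */
    if (inet_pton(AF_INET, src_ip, &pi.ipi_spec_dst) != 1)
        return -1;

    memset(cbuf, 0, cbuflen);
    msg->msg_control = cbuf;
    msg->msg_controllen = CMSG_SPACE(sizeof(pi));
    cmsg = CMSG_FIRSTHDR(msg);
    cmsg->cmsg_level = IPPROTO_IP;
    cmsg->cmsg_type = IP_PKTINFO;
    cmsg->cmsg_len = CMSG_LEN(sizeof(pi));
    memcpy(CMSG_DATA(cmsg), &pi, sizeof(pi));
    return 0;
}

/* Send one UDP datagram to dst with src_ip as source, on a wildcard socket. */
ssize_t send_from(int fd, const char *src_ip, const struct sockaddr_in *dst,
                  const void *buf, size_t len)
{
    union { char buf[CMSG_SPACE(sizeof(struct in_pktinfo))];
            struct cmsghdr align; } c;       /* keeps the buffer aligned */
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    struct msghdr msg = { .msg_name = (void *)dst, .msg_namelen = sizeof(*dst),
                          .msg_iov = &iov, .msg_iovlen = 1 };

    if (set_source_addr(&msg, c.buf, sizeof(c.buf), src_ip) != 0)
        return -1;
    return sendmsg(fd, &msg, 0);  /* fails if src_ip is not a local address */
}
```

The packet is still routed by the kernel, so source-based policy rules (ip rule ... from) see the address chosen here.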




