Red Hat Bugzilla – Bug 432821
left/rightsourceip tags not working
Last modified: 2013-08-05 20:43:09 EDT
Description of problem:
Left/rightsourceip tags for ipsec.conf don't seem to work. These are required to
easily set up gateway-to-gateway communications.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure network-to-network setup using configuration below
2. Start the connection and verify it
3. Notice that even if 'leftsourceip' and 'rightsourceip' are given, neither ping nor
the data is going between the gateway nodes without manually binding the
application to the local interface (ping -I, ssh -b, etc.). Given the bind, works as
One more interesting thing: seems that once given the bind address ping itself
does not obey ctrl+c (on serial console at least) and has to be killed (state S+).
We noticed this issue as well. It seems it is related to the _updown.netkey
script. When adding a "set -x" to investigate, we notice it is complaining about
some weird "\134" character. We verified the script is pure ASCII, so we are
somewhat confused right now as to what the real issue is.
Note that in 2.6.24, the "ip route replace" command seems to be broken. At
least, according to
This might not be our bug.
The leftsourceip= bug has been found. It will be fixed in 2.5.17 and 2.6.08,
which will be released Mon Feb 25 (tomorrow).
Quick fix is to change _updown.netkey/*in and remove all the code in the
"prepare-client" case. This is a leftover from KLIPS (_updown.klips).
This accidentally got re-introduced, and is fixed in openswan 2.6.12.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.