From: Frank van Maarseveen
To: nfs@lists.sourceforge.net
Subject: Re: NFS on a freeswan gateway?
Date: Tue, 25 Jun 2002 23:15:40 +0200
Message-ID: <20020625231540.A31629@iapetus.localdomain>
References: <20020624223641.GA16108@backlot.linas.org> <20020625002317.GA16309@backlot.linas.org>
In-Reply-To: <20020625002317.GA16309@backlot.linas.org>; from linas@linas.org on Mon, Jun 24, 2002 at 07:23:17PM -0500

On Mon, Jun 24, 2002 at 07:23:17PM -0500, Linas Vepstas wrote:
>
> Hi,
>
> I think I made some progress on my freeswan/nfs-mount problem;
> see below.
>
> To summarize, it appears that freeswan and/or the linux kernel is
> issuing packets from the ipsec0 interface that do not carry the
> ipsec0-device default source address, but rather carry the source
> address of eth0/eth1. And that seems wrong to me: if a gateway

I have played with FreeS/WAN and saw that an ipsec interface would
always get the same address as the eth interface (i.e. on the internet)
emitting the corresponding ESP packet. Routing happens in a nonobvious way.
This addressing scheme is fundamentally broken (the FreeS/WAN people know
it) and may be the cause of the problem.

There is some other weirdness with FreeS/WAN: when you connect two networks,
each having a FreeS/WAN gateway machine, then any packet generated on the
gateway machine itself cannot be tunnelled: the packets are dropped by
the FreeS/WAN address checking code (source address problem as far as I
remember). Sounds like the problem you are experiencing.

-- 
Frank