[PATCH -ocserv 4/5] Use distinct remote and local IPs when explicit_ipv[46] is specified

David Woodhouse dwmw2 at infradead.org
Mon Feb 9 08:07:56 PST 2015


On Mon, 2015-02-09 at 17:02 +0100, Nikos Mavrogiannopoulos wrote:
> 
> To be honest I haven't tried it. I knew however, that openconnect does
> use the same IP as well on the tun device for both the local and the
> P-t-P one. I'll have to check it further, but that will not be very
> soon. If there are any nice ideas to overcome that they are welcome.

That's different. OpenConnect uses its *local* IP address also as the
remote PtP address. The *local* address is the important one, and since
we set up explicit routes or the default route over the tunnel, the
remote ptp address is actually fairly irrelevant¹.

But ocserv is using the *remote* IP also as the local IP. Which means
the local host suddenly starts responding as if the remote IP is one of
its own local addresses... which is an entirely different thing.

-- 
dwmw2

¹ Except on Solaris, where at least for IPv6 it's started refusing the
  configuration when local==remote, so we're probably just going to
  hard-code the remote IPv6 address to something 'unlikely' like 1::.