World’s fastest IPSec fix?
The other week I had to set up an IPSec gateway at work. After fighting various issues for a while (not adding a new rule to tell the firewall to _not_ NAT the packets being one), I hit a problem which was easier to diagnose.
Our firewall has four external IPs. When I started up the VPN manually, it correctly used the IP I told it to, but then unfortunately sent it using one of the other IPs. This was a problem. Fortunately the “automatically start VPN when required” policies worked just fine.
I posted about this to the ipsec list, including details of where I’d traced it back to in the code. A whole eight minutes later I had received an explanation (what I’d guessed was going on TBH) and details of how to work around it. I love open source support (most of the time).
Posted: January 13th, 2009 under Linux.