Package: racoon
Version: 1:0.7.3-3
Severity: wishlist
Our security gateway has multiple local IP addresses. Since our peers
care about which IP address they see requests from, we have to pick the
right source our end.
Currently racoon appears to lack this ability. Instead, I have to work
around it by a rather fragile:
ip route add DEST via ROUTER
so the side-effect of that host route means the correct local source is
chosen. This is fragile because it relies on knowing which router to use
just to use the right local IP. Further, it relates to all traffic to
that peer, not just ISAKMP traffic.
It would be useful if we could
remote 1.2.3.4 {
local 5.6.7.8;
exchange_mode main;
...
}
to have racoon bind() the socket its end.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages racoon depends on:
ii debconf [debconf-2.0] 1.5.28 Debian configuration management sy
ii ipsec-tools 1:0.7.3-3 IPsec tools for Linux
ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib
ii libcomerr2 1.41.11-1 common error description library
ii libgssapi-krb5-2 1.8+dfsg~alpha1-7 MIT Kerberos runtime libraries - k
ii libk5crypto3 1.8+dfsg~alpha1-7 MIT Kerberos runtime libraries - C
ii libkrb5-3 1.8+dfsg~alpha1-7 MIT Kerberos runtime libraries
ii libpam0g 1.1.1-2 Pluggable Authentication Modules l
ii libssl0.9.8 0.9.8m-2 SSL shared libraries
ii perl 5.10.1-11 Larry Wall's Practical Extraction
racoon recommends no packages.
racoon suggests no packages.
-- debconf information:
* racoon/config_mode: direct
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
