--- Begin Message ---
- To: "Debian Bug Tracking System" <submit@bugs.debian.org>
- Subject: pkcipe: Should set up 'me' to be the address of the interface the client connection was received on
- From: "KORN Andras" <korn@chardonnay.math.bme.hu>
- Date: Sat, 01 Jun 2002 18:49:30 +0200
- Message-id: <20020601164930.18103.qmail@hellgate.intra.guy>
Package: pkcipe
Version: 1.5.2free-9
Severity: important
Hi,
I have a system with two independent links to the internet. I want cipe
traffic to use one interface (let's call it 'A') and everything else to use
the other interface ('B').
I wanted to accomplish this by connecting the pkcipe clients to the IP of
interface 'A'; I assumed this would be the IP pkcipe writes into the options
file for ciped as 'me'. But pkcipe always uses the IP of interface 'B',
probably for one or more of the following reasons:
- it is the 'primary interface' (eth0)
- it is the interface the default route points through
- it is the interface packets towards the clients would normally go out on
This is a major problem, because it means that on the clients I can't add a
route towards the subnet that includes 'B' through the cipe interface,
because the cipe packets themselves would be routed through the tunnel,
which obviously doesn't work.
The bug imho qualifies as 'important' because it can create all sorts of
unexpected routing and packet filtering screwups, 'making the package
unusable or mostly so to some people' (unless pains are taken to work around
the bug). Feel free to downgrade the priority if you don't agree.
Again, I think the correct behaviour would be to allocate the udp socket on
the interface the incoming tcp connection to pkcipe used (which should be
fairly easy to do).
Andrew
--
Andrew Korn (Korn Andras) <korn@chardonnay.math.bme.hu>
Finger korn@chardonnay.math.bme.hu for pgp key. QOTD:
Always address your elders with respect; they could leave you a fortune.
-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux hellgate 2.4.18-ak1.2-hellgate #1 Tue Mar 19 23:30:22 CET 2002 i586
Locale: LANG=C, LC_CTYPE=C
Versions of packages pkcipe depends on:
ii cipe-common 1.5.2free-9 Common files for CIPE VPN software
ii libc6 2.2.5-6 GNU C Library: Shared libraries an
ii libssl0.9.6 0.9.6c-2 SSL shared libraries
ii openssl 0.9.6c-2 Secure Socket Layer (SSL) binary a
-- no debconf information
--- End Message ---