[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#148751: marked as done (pkcipe: Should set up 'me' to be the address of the interface the client connection was received on)

Your message dated Sat, 04 Aug 2007 18:12:30 +0200
with message-id <87zm17xor5.fsf@slavuj.carpriv.carnet.hr>
and subject line Removed
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: pkcipe
Version: 1.5.2free-9
Severity: important


I have a system with two independent links to the internet. I want cipe
traffic to use one interface (let's call it 'A') and everything else to use
the other interface ('B').

I wanted to accomplish this by connecting the pkcipe clients to the IP of
interface 'A'; I assumed this would be the IP pkcipe writes into the options
file for ciped as 'me'. But pkcipe always uses the IP of interface 'B',
probably for one or more of the following reasons:

- it is the 'primary interface' (eth0)
- it is the interface the default route points through
- it is the interface packets towards the clients would normally go out on

This is a major problem, because it means that on the clients I can't add a
route towards the subnet that includes 'B' through the cipe interface,
because the cipe packets themselves would be routed through the tunnel,
which obviously doesn't work.

The bug imho qualifies as 'important' because it can create all sorts of
unexpected routing and packet filtering screwups, 'making the package
unusable or mostly so to some people' (unless pains are taken to work around
the bug). Feel free to downgrade the priority if you don't agree.

Again, I think the correct behaviour would be to allocate the udp socket on
the interface the incoming tcp connection to pkcipe used (which should be
fairly easy to do).


            Andrew Korn (Korn Andras) <korn@chardonnay.math.bme.hu>
             Finger korn@chardonnay.math.bme.hu for pgp key. QOTD:
   Always address your elders with respect; they could leave you a fortune.

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux hellgate 2.4.18-ak1.2-hellgate #1 Tue Mar 19 23:30:22 CET 2002 i586

Versions of packages pkcipe depends on:
ii  cipe-common                  1.5.2free-9 Common files for CIPE VPN software
ii  libc6                        2.2.5-6     GNU C Library: Shared libraries an
ii  libssl0.9.6                  0.9.6c-2    SSL shared libraries
ii  openssl                      0.9.6c-2    Secure Socket Layer (SSL) binary a

-- no debconf information

--- End Message ---
--- Begin Message ---
cipe has been removed from Debian.  For details, please see

--- End Message ---

Reply to: